PIC/S 受法规约束的GMP/GDP环境下数据管理和完整性优良规范（中英文）

PIC/S GUIDANCE

PIC/S指南

GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED

GMP/GDP ENVIRONMENTS

受法规约束的GMP/GDP环境下数据管理和完整性优良规范

? PIC/S August 2016

2016年8月

Reproduction prohibited for commercial purposes.

Reproduction for internal use is authorised, provided that the source is acknowledged.

Editor: PIC/S Secretariat

e-mail: info@picscheme.org

web site: http://www.picscheme.org

TABLE OF CONTENTS  目录

1. Document history

文件历史

2. Introduction

引言

3. Purpose

目的

4. Scope

范围

5. Data governance system

数据管理系统

5.1 What is data governance

什么是数据管理

5.2 Data governance systems

数据管理系统

5.3 Risk management approach to data governance

数据管理的风险管理方法

5.4 Data criticality

数据关键度

5.5 Data risk

数据风险

5.6 Data governance system review

数据管理体系审核

6. Organisational influences on successful data integrity management

公司对数据完整性管理成功与否的影响

6.1 General

概述

6.2 Code of ethics and policies

道德和方针准则

6.3 Quality culture

质量文化

6.4 Modernising the Pharmaceutical Quality Management System

药物质量管理体系现代化

6.5 Regular management review of quality metrics

质量尺度的定期管理评审

6.6 Resource allocation

资源配置

6.7 Dealing with data integrity issues found internally

内部发现的数据完整性问题处理

7. General data integrity principles and enablers

一般数据完整性原则和推进者

8. Specific data integrity considerations for paper-based systems

纸质系统特定数据完整性考虑

8.1 Structure of QMS and control of blank forms/templates/records

QMS结构和空白表格/模板/记录的控制

8.2 Why is the control of records important?

为什么记录的控制如此重要？

8.3 Generation, distribution and control of template records

模板式记录的产生、分发和控制

8.4 Expectations for the generation, distribution and control of records

产生、分发和控制记录的要求

8.5 Use and control of records within production areas

生产区域内记录的使用和控制

8.6 Filling out records

记录填写

8.7 Making corrections on records

记录更正

8.8 Verification of records

记录核查

8.9 Maintaining records

记录维护

8.10 Direct print-outs from electronic systems

从电子系统中直接打印出的记录

8.11 True copies

真实备份

8.12 Limitations of remote review of summary reports

远程审核报告摘要的局限性

8.13 Document retention

文件保存

8.14 Disposal of original records

原始记录的废弃

9. Specific data integrity considerations for computerised systems

计算机化系统特定数据完整性考虑

9.1 Structure of QMS and control of computerised systems

QMS结果和计算机化系统的控制

9.2 Qualification and validation of computerised systems

计算机化系统的确认和验证

9.3 System security for computerised systems

计算机化系统的系统安全

9.4 Audit trails for computerised systems

计算机化系统的审计追踪

9.5 Data capture/entry for computerised systems

计算机化系统的数据捕获/输入

9.6 Review of data within computerised systems

计算机化系统内的数据审核

9.7 Storage, archival and disposal of electronic data

电子数据的存贮、归档和废弃

10. Data integrity considerations for outsourced activities

外包活动的数据完整性考虑

10.1 General supply chain considerations

一般供应链考虑

10.2 Routine document verification

日常文件核查

10.3 Strategies for assessing data integrity in the supply chain

供应链中数据完整性评估策略

11. Regulatory actions in response to data integrity findings

数据完整性缺陷引发的法规行动

11.1 Deficiency references

缺陷参考

11.2 Classification of deficiencies

缺陷分类

12. Remediation of data integrity failures

数据完整性失败时的弥补方法

12.1 Responding to significant data integrity issues

对重大数据完整性问题响应

12.2 Indicators of improvement

改善指标

13. Definitions

定义

14. Revision history

版本历史

1 DOCUMENT HISTORY 文件历史

Draft 1 of PI 041-1 presented to the PIC/S Committee at its meeting in Manchester	4-5 July 2016
曼彻斯特会议期间PI 041-1草案提交给PIC/S委员会	2016年7月4-5日
Consultation of PIC/S Participating Authorities on publication of the Good Practices as a draft and implementation on a trial basis	18 July – 31 July 2016
公布PIC/S草案征求参与药监机构意见及试行	2016年7月18日—31日
Minor edits to Draft 1	1 – 9 August 2016
第1版本草案轻微修订	2016年8月1-9日
Publication of Draft 2 on the PIC/S website	10 August 2016
第2版本草案在PIC/S网站上公布	2016年8月10日
Implementation of the draft on a trial basis and comment period for PIC/S Participating Authorities	10 August 2016 – 28 February 2017
试验实施和征求PIC/S参与药监机构意见阶段	2016年8月10日- 2017年2月28日
Review of comments by PIC/S Participating Authorities	…
PIC/S参与药监机构审核所收到的意见
Finalisation of draft	…
草稿定稿
Adoption by Committee of PI 041-1	[Date]
PI 041-1被委员会采纳
Entry into force of PI 041-1	[Date]
PI 041-1生效

2 INTRODUCTION 引言

2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributors of API and medicinal products in order to determine the level of compliance with GMP/GDP principles. These inspections are commonly performed on-site however may be performed through the remote or off-site evaluation of documentary evidence, in which case the limitations of remote review of data should be considered.

PIC/S参与药监机构定期对原料药和制剂生产商和销售商进行检查，以确定其GMP/GDP符合性水平。这些检查通常是在现场实施，但也可以通过远程或离厂文件证据评估进行，这时要考虑远程数据审核的局限性。

2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is critical to the inspection process that inspectors can determine and fully rely on the accuracy and completeness of evidence and records presented to them.

这些检查流程的有效性是由提供给检查员的证据的真实性所决定的，并最终决定于数据背后的完整性。检查员可以确定并完全依赖呈交给他们的证据和记录的完整性和准确性对于检查过程来说非常关键。

2.3 Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable. While the main focus of this document is in relation to data integrity expectations, the principles herein should also be considered in the wider context of good data management.

优良数据管理规范影响生产商所产生和记录的所有数据，这些做法应能保证数据是准确的、完整的和可靠的。尽管此文件主要关注的是数据完整性要求，在更广的优良数据管理环境下也应考虑此指南所述原则。

2.4 Data Integrity is defined as “the extent to which all data are complete, consistent and accurate, throughout the data lifecycle”[1]1 and is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. Poor data integrity practices and vulnerabilities undermine the quality of records and evidence, and may ultimately undermine the quality of medicinal products.

数据完整性定义为“所有数据在整个生命周期均完整、一致和准确的程度”，它在药物质量体系中是基本的要求，它确保药品具备所需的质量。不良的数据完整性做法和弱点会削弱记录和证据的质量，并最终可能破坏药品质量。

2.5 Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems.

数据完整性适用于质量管理体系的所有要素，此中原则等同适用于电子和纸质系统产生的数据。

2.6 The responsibility for good practices regarding data management and integrity lies with the manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained.

数据管理和完整性优良规范的职责由接受检查的生产商或销售商承担。他们负有全部职责和义务来评估其数据管理体系，发现潜在弱点，设计和实施优良数据管理规范来确保数据完整性得到维护。

3 PURPOSE 目的

3.1 This document was written with the aim of:

本文件编制的目的是：

3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections.

为检查员提供与数据完整性相关的GMP/GDP要求诠释及实施检查相关指南。

3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the existing requirements for data integrity and reliability as described in PIC/S Guides for GMP[2] and GDP[3] to be implemented in the context of modern industry practices and globalised supply chains.

对基于风险的控制策略提供详细解说的整合指南，促使GMP和GDP的PIC/S指南中所述的现有数据完整性要求和可靠性在现代化工业做法和全球化供应链的环境下得到实施。

3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to ensure the quality of inspections with regards to data integrity expectations.

促进数据完整性要素在日常规划和实施GMP/GDP检查中有效实施，提供一个工具让GMP/GDP检查保持一致，保证数据完整性要求方面的检查质量。

3.2 This guidance, together with inspectorate resources such as aide memoire (for future development) should enable the inspector to make an optimal use of the inspection time and an optimal evaluation of data integrity elements during an inspection.

本指南与检查团资源，例如备忘录（用于进一步展开）一起让检查员优化使用检查时间，在检查中更好地评估数据完整性要素。

3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data integrity.

本指南应协助检查组织规划基于风险的数据完整性相关检查。

3.4 This guide is not intended to impose additional regulatory burden upon regulated entities, rather it is intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements relating to current industry practice.

本指南无意对受法规规范的主体形成强制的法规责任，它意在为目前行业规范相关的已有PIC/S GMP/GDP要求提供诠释。

3.5 The principles of data integrity apply equally to both manual and computerized systems and should not place any restraint upon the development or adoption of new concepts or technologies. In accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative technologies through continual improvement.

数据完整性原则等同适用于手动和计算机化系统，不应该对发展和采用新概念或技术形成限制。根据ICH Q10原则，本指南应有助于通过持续改进采纳创新技术。

3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend and review this guidance in light of inspectorate feedback, experience in using the guide and any other developments.

本版本指南意在为数据管理和完整性核心原则提供基本概貌。PIC/S数据完整性工作组将定期进行更新，根据检查团的反馈、使用本指南的经验以及任何其它发展修订和审核本指南。

4 SCOPE 范围

4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those sites performing manufacturing (GMP) and distribution (GDP) activities. The guide should be considered as a non-exhaustive list of areas to be considered during inspection.

本指南适用于现场和远程（桌面）检查那些实施生产（GMP）和销售（GDP）活动的场所。本指南应作为检查期间要考虑领域的未尽清单。

4.2 Whilst this document has been written with the above scope, many principles regarding good data management practices described herein have applications for other areas of the regulated pharmaceutical and healthcare industry.

尽管此文件写就时覆盖上述范围，但其中许多关于优良数据管理规范的原则亦可应用于受法规规范的药品和保健行业的其它领域。

4.3 This guide is not intended to provide specific guidance for “for-cause” inspections following detection of significant data integrity vulnerabilities where forensic expertise may be required.

本指南无意为重大数据完整性漏洞引起的“有因”检查提供特定指南。在有因检查中，可能需要具有调查技巧的专家。

5 DATA GOVERNANCE SYSTEM 数据管理体系5.1 What is data governance? 什么是数据管理？

5.1.1 Data governance is the sum total of arrangements which provide assurance of data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.

数据管理是为数据完整性提供保障的所有安排的总和。这些安排保证数据，不管其产生、记录、处理、保存、恢复和使用的过程、格式或技术如何，均能在数据的整个生命周期中保证完整、一致和准确的记录。

5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period. Data relating to a product or process may cross various boundaries within the lifecycle. This may include data transfer between manual and IT systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors).

数据生命周期指数据如何产生、处理、报告、检查、用于决策、存贮和在保存期结束后最终废弃。与一个药品或工艺相关的数据可能在其生命周期内会穿越不同边界。这可能包括手工和IT系统之间的数据转移，不同公司界限之间的数据转移，内部（例如生产、QC和QA之间）和外部（例如，服务提供商或合同发包方和接受方之间）的数据转移。

5.2 Data governance systems 数据管理系统

5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in PIC/S GMP/GDP. It should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information.

数据管理系统应整合于PIC/S GMP/GDP所述的药物质量体系中。它应该说明数据在其生命周期中的所有者身份，考虑对过程/系统进行设计、运行和监测，以符合数据完整性原则，包括对有意和无意修改和删除信息的控制。

5.2.2 The data governance system should ensure controls over data lifecycle which are commensurate with the principles of quality risk management. These controls may be:

数据管理系统应保证在数据生命周期进行控制。控制应与质量风险管理原则相称。这些控制可以是：

l  Organisational 从公司角度

n  procedures, e.g. instructions for completion of records and retention of completed paper records;

n  程序，例如，记录完整的指令和完整纸质记录的保存；

n  training of staff and documented authorisation for data generation and approval;

n  培训人员和记录数据产生权限并批准；

n  data governance system design, considering how data is generated recorded, processed retained and used, and risks or vulnerabilities are controlled effectively;

n  数据管理系统的设计应考虑数据是如何产生、记录、处理、存贮和使用的，应对风险和漏洞进行有效控制；

n  routine data verification;

n  日常数据核查；

n  periodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy.

n  定期监管，例如自检过程中核查数据管理方针的有效性。

l  Technical 技术角度

n  computerised system control,

n  计算机化系统控制

n  Automation

n  自动化

5.2.3 An effective data governance system will demonstrate Management’s understanding and commitment to effective data governance practices including the necessity for a combination of appropriate organisational culture and behaviours (section 6) and an understanding of data criticality, data risk and data lifecycle. There should also be evidence of communication of expectations to personnel at all levels within the organisation in a manner which ensures empowerment to report failures and opportunities for improvement. This reduces the incentive to falsify, alter or delete data.

一个有效的数据管理系统将证明管理者对有效数据管理规范的了解和承诺，包括适当的公司文化和行为（第6部分）和对数据关键程度、数据风险和数据生命周期的了解。还应有证据证明在公司内以一定方式将要求沟通传达至各层次人员，保证更大的权力来报告失败和改进机会。如此可以减少伪造、篡改和删除数据的诱因。

5.2.4 The organisation’s arrangements for data governance should be documented within their Quality Management System and regularly reviewed.

公司对数据管理的安排应记录在其质量管理体系内，并定期审核。

5.3 Risk management approach to data governance 数据管理的风险管理方法

5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme, (refer section 10)

高级管理层对实施系统和程序以降低数据完整性潜在风险，识别残留风险，使用ICH Q9原则承担责任。合同发包方应实施类似的审核，作为其供应商保证计划的一部分（参见第10部分）。

5.3.2 The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality resource demands. Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.

为数据管理所做的工作和所配置的资源应与产品质量风险相称，同时也要与其它质量资源需求相平衡。生产商和分析化验室应设计和运行一个体系，为数据完整性风险提供可接受的控制状态，并全面记录支持性原理。

5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or risk prioritisation are required, residual data integrity risk should be communicated to senior management, and kept under review. Reverting from automated / computerised to paper-based systems will not remove the need for data governance. Such retrograde approaches are likely to increase administrative burden and data risk, and prevent the continuous improvement initiatives referred to in paragraph 3.5.

如果认为需要采取长期措施，以达到想要的控制状态，则应实施临时措施来将缓解风险，并监测其有效性。如果需要采取临时措施或者是提高风险优先度，则应与高级管理层沟通所残留的数据完整性风险，保持审核。从自动化/计算机化转化为纸质系统不能解除对数据管理的需求。此种降解方式可能会增加行政负担和数据风险，阻止第3.5段中提提出的持续改进倡议。

5.3.4 Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilised to determine the importance of each data/processing step. An effective risk management approach to data governance will consider:

不是所有数据和处理步骤都对药品质量和患者安全具有等同的重要性。应使用风险管理来确定每个数据/处理步骤的重要性。对数据管理的有效风险管理方法应考虑：

l  Data criticality (impact to decision making and product quality) and

l  数据关键程度（对制订决策和产品质量的影响）以及

l  Data risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturer’s routine review processes).

l  数据篡改和删除的数据风险（机会），修改被生产商的日常审核流程所发现/可见的可能性）

From this information, risk proportionate control measures can be implemented.

从此信息中可知，可以实施与风险相当的控制措施。

5.4 Data criticality 数据关键程度

5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:

受数据影响的决策可能会在重要程度上有所有不同，数据对决策的影响度可能也不同。关于数据关键程度要考虑的要素包括：

l  ??Which decision does the data influence? 数据影响了什么决策？

For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records.

例如，当作出批放行决策时，确定符合关键质量属性的数据比仓库清洁记录要重要。

l  ??What is the impact of the data to product quality or safety? 数据对药品质量或安全有什么影响？

For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data.

例如，对于口服特此证明，活性物质含量数据一般要比脆碎度数据对药品质量和安全影响更大。

5.5 Data risk 数据风险

5.5.1 Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions. Consideration should also be given to ensuring complete data recovery in the event of a disaster. Control measures which prevent unauthorised activity, and increase visibility / detectability can be used as risk mitigating actions.

数据完整性应考虑数据在有意和无意修改、伪造、删除、丢失或重新创建，以及被察觉可能性方面的弱点。还要考虑保证在灾难发生时恢复完整数据。防止未经授权的活动，增加可视性/检出能力的控制措施可以用作风险降低措施。

5.5.2 Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open ended and subjective outcomes. Simple tasks which are consistent, well defined and objective lead to reduced risk.

可能会增加数据完整性失败的风险的因素例子包括复杂的不一致的工艺，有开放型结果和主观结果。定义明确、客观、一致的简单任务则会降低风险。

5.5.3 Risk assessments should focus on a business process (e.g. production, QC), evaluate data flows and the methods of generating data, and not just consider IT system functionality or complexity. Factors to consider include:

风险评估应关注一个业务流程（例如，生产、QC），评估数据流和数据产生方法，而不仅是评估IT系统功能和复杂性。要考虑的因素包括：

l  Process complexity;

l  工艺复杂性；

l  Methods of generating, storing and retiring data and their ability to ensure data accuracy, legibility, indelibility;

l  数据生成、存贮和退役的方法以及其保证数据准确性、清晰、不能消除的能力；

l  Process consistency and degree of automation / human interaction;

l  工艺一致性和自动/人工互动程度；

l  Subjectivity of outcome / result (i.e. is the process open-ended or well defined?); and

l  结果的主观性（即工艺是开放式的还是明确定义的；以及

l  The outcome of a comparison between of electronic system data and manually recorded events could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and raw-data acquisition times).

l  电子系统数据和人工记录事件之间比较的结果可能对于不良规范来说具有指示性（例如，分析报告和原始数据获得时长之间有明显的差距）。

5.5.4 For computerised systems, manual interfaces with IT systems should be considered in the risk assessment process. Computerised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system.

对于计算机化系统，在风险评估过程中应考虑人工与IT系统的界面。计算机化系统验证单独可能不会导致较低的数据完整性风险，尤其是当用户可以影响来自经过验证的系统中的数据报告时。

5.5.5 Critical thinking skills should be used by inspectors to determine whether control and review procedures effectively achieve their desired outcomes. An indicator of data governance maturity is an organisational understanding and acceptance of residual risk, which prioritises actions. An organisation which believes that there is ‘no risk’ of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle. The approach to assessment of data lifecycle, criticality and risk should therefore be examined in detail. This may indicate potential failure modes which can be investigated during an inspection.

检查人员应使用批判性思维技巧来确定控制和审核程序是否能有效地得到其所要的结果。数据管理成熟度的一个指标就是公司对残留风险的了解和接受，它使得措施按优先顺序排列。一个相信数据“没有风险”的公司不可能对数据生命周期中内在的风险进行充分地评估。因此数据生命周期、关键程度和风险的评估方法应进行详细检查。这样可能会发现潜在的失效模式，在检查期间可以对此进行调查。

5.6 Data governance system review 数据管理系统审核

5.6.1 The effectiveness of data integrity control measures should be assessed periodically as part of self-inspection (internal audit) or other periodic review processes. This should ensure that controls over the data lifecycle are operating as intended.

数据完整性控制措施的有效性应作为自检（内审）或其它定期审核流程的一部分进行定期评估。这样才能保证对数据生命周期的控制按既定要求运作。

5.6.2 In addition to routine data verification checks, self-inspection activities should be extended to a wider review of control measures, including:

除了日常数据核查外，自检活动还应延伸到更宽的控制措施审核，包括：

l  A check of continued personnel understanding of data integrity in the context of protecting of the patient, and ensuring the maintenance of a working environment which is focussed on quality and open reporting of issues, e.g. by review of continued training in data integrity principles and expectations.

l  检查人员对保护患者环境下数据完整性意义的持续理解，确保维护工作环境是关注质量的，敞开接受问题报告，例如，通过审核员工在数据完整性原则和要求方面的持续培训。

l  A review for consistency of reported data/outcomes against raw data entries.

l  对所报告数据/结果对比原始数据输入进行一致性审核。

l  In situations where routine computerised system data is reviewed by a validated ‘exception report’[4], a risk-based sample of computerized system logs / audit trails to ensure that information of relevance to GMP activity is reported as expected

l  如果计算机化系统数据已通过经验证的“异常报告”方式进行日常审核，则对计算机化系统日志/审计追踪基于风险抽样，以确保GMP活动相关的信息按预定要求进行报告

5.6.3 An effective review process will demonstrate understanding regarding importance of interaction of company behaviours with organisational and technical controls. The outcome of data governance system review should be communicated to senior management, and be used in the assessment of residual data integrity risk.

有效的审核流程将证明对公司行为与公司和技术两方面的控制互动重要性的了解。数据管理系统审核的结果应与高级管理层进行沟通，可以用于残留数据完整性风险的评估。

---

[1] MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

MHRA GMP数据完整性定义和行业指南，2015年3月

[2] PIC/S PE 009 Guide to Good Manufacting Practice for Medicinal Products, specifically Part I chapters 4, 5, 6, Part II chapters 5, 6 & Annex 11

PIC/S PE009 药品GMP指南，具体为第一部分第4、5、6章，第二部分第5、6章和附录11.

[3] PIC/S PE 011 Guide to Good Distribution Practice for Medicinal Products, specifically sections 3, 4, 5 & 6

PIC/S PE 011 药品GDP指南，具体为第3、4、5和6部分。

[4] An ‘exception report’ is a validated search tool that identifies and documents predetermined ‘abnormal’ data or actions, which requires further attention or investigation by the data reviewer

“异常报告”是一种经过验证的搜索工具，它识别出并记录下预定为“异常”的数据或行为，这些数据和行为需要数据审核人员进行进一步关注或调查。

来源：Julia

6 ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATA INTEGRITY MANAGEMENT 公司对成功的数据完整性管理的影响
6.1 General 通则

6.1.1 It may not be appropriate or possible to report an inspection citation relating to organisational behaviour. An understanding of how behaviour influences (i) the incentive to amend, delete or falsify data and (ii) the effectiveness of procedural controls designed to ensure data integrity, can provide the inspector with useful indicators of risk which can be investigated further.

检查报告中表扬公司行为可能不现实或者并不恰当。了解公司行为如何影响（1）什么诱使员工修订、删除或伪造数据（2）设计来确保数据完整性的程序控制的有效性，可以让检查人员获得可以进一步调查的有用风险指标。

6.1.2 Inspectors should be sensitive to the influence of culture on organizational behaviour, and apply the principles described in this section of the guidance in an appropriate way. An effective ‘quality culture’ and data governance may be different in its implementation from one location to another. Depending on culture, an organisation’s control measures may be:

检查人员应对于文化对公司行为的影响很敏感，并适当应用本指南本部分所述的原则。一个有效的“质量文化”和数据管理可能在其实施时会因公司有差异。根据文化的不同，一个公司的控制措施可能会是：

l   ‘open’ (where hierarchy can be challenged by subordinates, and full reporting of a systemic or individual failure is a business expectation)

l  “开放的”（这种情况下下级可以挑战等级，全面报告系统或个人失败是业务要求）

l   ‘closed’ (where reporting failure or challenging a hierarchy is culturally more difficult)

l  “封闭的”（这种情况下报告失败或挑战等级从文化角度来讲更困难）

6.1.3 Good data governance in ‘open’ cultures may be facilitated by employee empowerment to identify and report issues through the quality system. In ‘closed’ cultures, a greater emphasis on oversight and secondary review may be required to achieve an equivalent level of control due to the social barrier of communicating undesirable information. The availability of anonymous escalation to senior management may also be of greater importance in this situation.

在“开放的”文化中，优良数据管理可能会由于员工受到鼓励而有助于识别并报告整个质量体系中的问题。而在“封闭的”文化中，更强调监管，因为社交障碍而无法沟通非期望信息，则需要有第二层闪的审核来达到同等水平的控制。在这种情况下，匿名向高级管理层越级报告的方法也可能会更重要。

6.1.4 The extent of Management’s knowledge and understanding of data integrity can influence the organisation’s success of data integrity management. Management must know their legal and moral obligation (i.e., duty and power) to prevent data integrity lapses from occurring and to detect them, if they should occur.

管理层在数据完整性方面的知识和了解程度可能会影响公司成功地进行数据完整性管理。管理层必须知道其防止数据完整性失误发生，并在发生时发现这些失误的法定和道德义务（即责任和权力）。

6.1.5 Lapses in data integrity are not limited to fraud or falsification, they can be unintentional and still pose risk. Any potential for compromising the reliability of data is a risk that should be identified and understood in order for appropriate controls to be put in place, (refer sections 5.3 - 5.5). Direct controls usually take the form of written policies and procedures, but indirect influences on employee behaviour (such as incentives for productivity in excess of process capability) should be understood and addressed as well.

数据完整性失误不仅局限于欺诈或伪造，他们可能是无意的，但仍具有风险。任何让数据可靠性受到损害的可能均是风险，应该识别并了解，以进行适当控制（参见第5.3-5.5部分）。直接控制通常是书面方针和程序，但对员工行为的非直接影响（例如，超出产能的生产率诱因）也需要了解和说明。

6.1.6 Data integrity breaches can occur at any time, by any employee, so management needs to be vigilant in detecting issues and understand reasons behind lapses, when found, to enable investigation of the issue and implementation of corrective and preventative actions.

数据完整性被破坏可能会发生在任何时间，来自于任何员工，因此管理层需要保持警警惕，发现问题并在发现后了解问题后面的原因，以促进问题的调查和CAPA的实施。

6.1.7 There are consequences of data integrity lapses that affect the various stakeholders (patients, regulators, customers) including directly impacting patient safety and undermining confidence in the organisation and its products. Employee awareness and understanding of these consequences can be helpful in fostering an environment in which quality is a priority.

数据完整性发生问题会产生不良后果，影响大量的利益相关方（患者、法规管理方、客户），包括直接影响患者安全，动摇公司及其产品的可信度。员工明白和理解这些不良后果有助于培育质量优先的环境。

6.1.8 Management should establish controls to prevent, detect and correct data integrity breaches, as well as verify those controls are performing as intended to assure data integrity. To achieve success with data integrity, Management should address the following:

管理层应建立控制来防止、发现和纠正数据完整性偏离情况，以及核查那些意在保证数据完整性实施的控制。为了成功达到数据完整性要求，管理层应强调以下要求：

6.2 Code of ethics and policies 道德准则和方针

6.2.1 A Code of Values & Ethics should reflect Management’s philosophy on quality, achieved through policies (ie. a Code of Conduct) that are aligned to the quality culture and develop an environment of trust, where all individuals are responsible and accountable for ensuring patient safety and product quality.

价值观和道德准则应反映管理层的质量理念，通过方针来达成（即行为准则）。方针应与质量文化一致，建立一种信任的环境，在其中所有员工均承担保证患者安全和药品质量的职责。

6.2.2 The company’s general ethics and integrity standards need to be established and known to each employee and these expectations should be communicated frequently and consistently.

公司应建立基本道德和完整性标准，让每位员工知晓，并且持续频繁地就这些要求进行沟通。

6.2.3 Management should make personnel aware of the importance of their role in ensuring data integrity and the implication of their activities to assuring product quality and protecting patient safety.

管理层应让员工明白其职责在保证数据完整性上的重要性，暗示其活动将确保药品质量和保护患者安全。

6.2.4 Code of Conduct policies should clearly define the expectation of ethical behaviour, such as honesty. This should be communicated to and be well understood by all personnel. The communication should not be limited only to knowing the requirements, but also why they were established and the consequences of failing to fulfill the requirements.

行为准则方针应清楚定义道德行为的要求，例如诚实。所有员工均应该沟通并理解。沟通不应仅仅局限于知道该要求，还要知道为什么要建立方针，如果不能满足要求后果会是什么。

6.2.5 Unwanted behaviours, such as deliberate data falsification, unauthorised changes, destruction of data, or other conduct that compromises data integrity should be addressed promptly. Disciplinary action may be taken, when warranted. Similarly, conforming behaviours should be recognised appropriately.

有害的行为，如蓄意篡改、未经授权更改、毁坏数据，或其它损害数据完整性的行为均应及时说明。必要时应采取处分措施。类似地，应恰当认可符合性行为。

6.2.6 There should be a confidential escalation program supported by company policy and procedures whereby it encourages personnel to bring instances of possible breaches to the Code of Conduct to the attention of management without consequence.

公司方针应支持机密升级计划和程序，它能鼓励员工将可能会打破行为准则的事件报告给管理层知道而不会受到处罚。

6.3 Quality culture 质量文化

6.3.1 Management should aim to create a work environment (ie. quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes, including potential data reliability issues, so that corrective and preventative actions can be taken. Organisational reporting structure should permit the information flow between personnel at all levels.

管理层应致力于创建一个透明公开的工作环境（即质量文化）。在这样的环境下，员工被鼓励自由沟通失败情况和所犯错误，包括潜在的数据可靠性问题，这样能够采取纠正和预防措施。公司报告结构应允许所有层级之间的信息流。

6.3.2 It is the collection of values, beliefs, thinking, and behaviours demonstrated consistently by management, team leaders, quality personnel and all personnel that contribute to creating a quality culture to assure data integrity.

它是价值观、信仰、思维和行为的集合，由管理层、团队领导、质量人员和所有涉及创造质量文化确保数据完整性的人员一致遵守。

6.3.3 Management can foster quality culture:

管理层可以培养以下质量文化：

l  Ensure awareness and understanding of expectations (eg. Code of Ethics and Code of Conduct);

l  确保员工明白和理解要求（例如，道德准则和行为准则）；

l  Lead by example, management should demonstrate the behaviours they expect to see ;

l  以身作则，管理层应自身实践他们所期望看到的行为；

l  Ensure accountability for actions and decisions;

l  保证行为和决策职责；

l  Stay continuously and actively involved;

l  保持持续主动参与；

l  Set realistic expectations, consider the limitations that place pressures on employees;

l  设定可行的要求，考虑员工所受到的局限性；

l  Allocate resources to meet expectations;

l  配置资源以达成目标；

l  Implement fair and just consequences and rewards; and

l  实施公平公正奖罚；并且

l  Be aware of regulatory trends to apply lessons learned to your organisation.

l  明白法规趋势，将现有案例和教训在公司内部应用。

6.4 Modernising the Pharmaceutical Quality Management System 药品质量管理体系现代化

6.4.1 The application of modern quality risk management principles and good data management practices to the current pharmaceutical quality management system serves to modernize the System to meet the challenges that come with the generation of complex data.

现代化质量风险管理原则和优良数据管理规范在当前药物质量管理体系中的应用是为了将系统现代化，以应对复杂数据产生所带来的挑战。

6.4.2 The company’s Quality Management System should be able to prevent, detect and correct weaknesses in the system or their processes that may lead to data integrity lapses. The company should know their data life cycle and integrate the appropriate controls and procedures such that the data generated will be valid, complete and reliable. Specifically, such control and procedural changes may be in the following areas:

公司的质量管理体系应能够防止、发现和纠正系统或流程中的弱点，这些弱点可能会导致数据完整性问题。公司应知晓其数据的生命周期，在其中包括适当的控制和程序，这样所产生的数据才能有效、完整和可靠。具体来说，这类控制和程序的变化可能会是在以下领域：

l  Risk assessment and management,

l  风险评估和管理；

l  Investigation programs,

l  调查计划；

l  Data review practices (section 9),

l  数据审核规范（第9部分）；

l  Computer software validation,

l  计算机软件验证；

l  Vendor/contractor management ,

l  供方/合同方管理；

l  Training program to include company’s data integrity policy and data integrity SOPs ,

l  培训计划包括公司的数据完整性方针和数据完整性SOP；

l  Self-inspection program to include data integrity, and

l  自检计划包括数据完整性；并且

l  Quality metrics and reporting to senior management.

l  质量量度并向高级管理层报告。

6.5 Regular management review of quality metrics 质量量度日常管理评审

6.5.1 There should be regular management reviews of quality metrics, including those related to data integrity, such that significant issues are identified, escalated and addressed in a timely manner. Caution should be taken when key performance indicators are selected so as not to inadvertently result in a culture in which data integrity is lower in priority.

应该对质量量度进行定期管理评审，包括那些与数据完整性有关的内容，这样才能及明发现、升级和处理重大问题。在选择关键性能指标时要谨慎，不致疏忽地成就了将数据完整性优先程度降低的文化。

6.5.2 The head of the Quality unit should have direct access to the highest level of management in order to directly communicate risks so that senior management is aware and can allocate resources to address any issues.

质量部门领导应可以直接接触到最高层级的管理人员，以便直接沟通风险，这样高级管理层就能明白并可以配置资源来解决所有问题。

6.5.3 Management can have an independent expert periodically verify the effectiveness of their systems and controls.

管理层可以有一个独立的专家来定期核查其系统和控制有效性。

6.6 Resource allocation 资源配置

6.6.1 Management should allocate appropriate resources to support and sustain good data integrity management such that the workload and pressures on those responsible for data generation and record keeping do not increase the likelihood of errors or the opportunity to deliberately compromise data integrity.

管理层应配置适当的资源来支持和保持优良数据完整性管理，这样负责数据产生和记录保存的工作量和工作压力应不会增加错误和蓄意破坏数据完整性机会的可能性。

6.6.2 There should be sufficient number of personnel for quality and management oversight, IT support, conduct of investigations, and management of training program that are commensurate with the operations of the organisation. There should be provisions to purchase equipment, software and hardware that are appropriate for their needs, based on the criticality of the data in question.

应该有足够数量的人员负责质量和管理监督、IT支持、调查实施，以及培训计划管理，使其与公司的运营相称。应该有条款规定设备、软件和硬件的采购，它应该基于所讨论数据的关键程度，并使其与其需求相适当。

6.6.3 Personnel must be qualified and trained for their specific duties, with appropriate segregation of duties, including the importance of good documentation practices. There should be evidence of the effectiveness of training on critical procedures, such as electronic data review. The concept of data integrity applies to all functional departments that play a role in GMP, including areas such as IT and engineering.

人员必须具备资质，经过其特定任务方面的培训，有适当的职责分工，包括优良文件记录规范的重要性。应该有证据证明关键程度培训的有效性，如电子数据审核。数据完整性的概念适用于所有在GMP中起作用的职能部门，包括如IT和工程领域。

6.6.4 Data integrity should be familiar to all, but data integrity experts from various levels (SMEs, supervisors, team leaders) may be called upon to work together to conduct/support investigations, identify system gaps and drive implementation of improvements.

所有人均应熟悉数据完整性，但来自不同层面的数据完整性专家（SME、主管、团队领导）可能会被召唤到一起，协作实施/支持调查、识别系统差距并推进实施改进。

6.6.5 Introduction of new roles in an organisation relating to data integrity such as a data custodian or Chief Compliance Officer might be considered.

可能需要考虑在公司内引入与数据完整性相关的新职位，例如数据监管员或首席符合性管理员。

6.7 Dealing with data integrity issues found internally 处理内部发现的数据完整性问题

6.7.1 In the event that data integrity lapses are found, they should be handled as any deviation would be according to the Quality Management System. It is important to determine the extent of the problem as well as its root cause, then correcting the issue to its full extent and implement preventative measures. This may include the use of a third party for additional expertise or perspective, which may involve a gap assessment to identify weaknesses in the system.

如果发现数据完整性问题，首先应根据质量管理体系作为偏差处理。确定问题的深度和其根本原因很重要，然后全面纠正该问题，并实施预防措施。这可能包括使用第三方来获得额外的专业知识和观点，可能需要进行差距评估来识别出系统里的弱点。

6.7.2 When considering the impact on product, any conclusions drawn should be supported by sound scientific evidence.

在考虑对产品的影响时，所做出的任何结论均应是基于科学合理的证据。

6.7.3 Corrective actions may include product recall, client notification and reporting to regulatory authorities.

纠正措施可以包括召回产品、通知客户和向法规当局报告。

6.7.4 Further guidance may be found in section 12 of this guide.

更多指南可以在本指南第12部分找到。

7 GENERAL DATA INTEGRITY PRINCIPLES AND ENABLERS 基本数据完整性原则和应用工具

7.1 The Pharmaceutical Quality Management System (QMS) should be implemented throughout the different stages of the life cycle of the Active Pharmaceutical Ingredients and medicinal products and should encourage the use of science and risk-based approaches.

药物质量管理体系（QMS）应在原料药和制剂整个生命周期的不同阶段实施，应鼓励使用基于风险的科学方法。

7.2 To ensure that decision making is well informed and to verify that the information is reliable, the events or actions that informed those decisions should be well documented. As such, Good Documentation Practices (GDocPs) are key to ensuring data integrity, and a fundamental part of a well designed Pharmaceutical Quality Management System (discussed in section 6).

为保证决策有良好沟通，也为了核查信息是否可靠，告知这些决策的事件或行动应记录完好。因而，优良文件记录规范（GdocPs）对于保证数据完整性非常关键，并且成为设计良好的药物质量管理系统的一个基本部分（在第6部分讨论）。

7.3 The application of GdocPs may vary depending on the medium used to record the data (ie. Physical vs. electronic records), but the principles are applicable to both. This section will introduce those key principles and following sections (8 & 9) will explore these principles relative to documentation in both paper-based and electronic-based recordkeeping.

GdocPs的应用可能会根据用于记录数据的介质有所不同（即物理VS电子记录），但这些原则适用于两者。本部分会介绍关键原则，后面的部分（8和9）则会展开这些原则，分别针对纸质文件和电子记录保存。

7.4 Some key concepts of GdocPs are ummarized by the acronym ALCOA: Attributable, Legible, Contemporaneous, Original, Accurate. To this list can be added the following: Complete, Consisitent, Enduring and Available (ALCOA+[1]5). Together, these expectations ensure that events are properly documented and the data can be used to support informed decisions.

一些GdocPs的关键概念用术语ALCOA进行了总结：可追溯性、清晰、同步、原始、准确。此清单可以增加：完整、一致、持久和可获得（ALCOA+）。它们合在一起组成的要求确保事件被恰当记录，数据可以用来支持所做决策。

7.5 Basic DI principles applicable to both paper and electronic systems (ALCOA +):

适用于纸质和电子系统的基本DI原则（ALCOA+）

Data Integrity Attribute 数据完整性属性	Requirement 要求
Attributable	It should be possible to identify the individual who performed the recorded task. The need to document who performed the task / function, is in part to demonstrate that the function was performed by trained and qualified personnel. This applies to changes made to records as well: corrections, deletions, changes, etc.
可追溯性	应该可以识别出实施了记录的任务的个人。记录下谁实施了任务/职责的需求是证明该职责是由经过培训有资质的人员实施的一部分。这也适用于对记录进行修正时：修正、删除、变更等。
Legible	All records must be legible – the information must be readable in order for it to be of any use. This applies to all information that would be required to be considered Complete, including all Original records or entries. Where the ‘dynamic’ nature of electronic data (the ability to search, query, trend, etc) is important to the content and meaning of the record, the ability to interact with the data using a suitable application is important to the ‘availability’ of the record.
清晰	所有记录均应清晰---信息必须可以读出以便任何用途。这适用于要求完整的所有信息，包括所有原始记录或输入。如果电子数据的“动态”属性（能够搜索、查询、做趋势分析等）对于记录的内容和含义很重要，则使用适当的软件与数据互动的能力对于记录的“可获得性”就很重要。
Contemporaneous	The evidence of actions, events or decisions should be recorded as they take place. This documentation should serve as an accurate attestation of what was done, or what was decided and why, i.e. what influenced the decision at that time.
同步	动作、事件或决策的证据应在其发生时记录。此记录应作为做了什么、决定了什么以及为什么的准确证明，即在当时是什么影响了决策。
Original	The original record can be described as the first-capture of information, whether recorded on paper (static) or electronically (usually dynamic, depending on the complexity of the system). Information that is originally captured in a dynamic state should remain available in that state.
原始	原始记录可以在信息首次被捕获时描述，可以是记录在纸上（静态），也可以是电子的（通常是动态的，取决于系统的复杂性）。原始以动态状态捕获的信息应保持在该状态可获得。
Accurate	Ensuring results and records are accurate is achieved through many elements of a robust Pharmaceutical Quality Management System. This can be comprised of: -    equipment-related factors such as qualification, calibration, maintenance and computer validation. -    policies and procedures to control actions and behaviours, including data review procedures to verify adherence to procedural requirements -    deviation management including root cause analysis, impact assessments and CAPA -    trained and qualified personnel who understand the importance of following established procedures and documenting their actions and decisions. Together, these elements aim to ensure the accuracy of information, including scientific data, that is used to make critical decisions about the quality of products.
准确	通过稳健的药物质量管理体系许多元素来保证结果和记录是准确的。这可以包括： -    与设备相关的因素，如确认、校正维护和计算机验证 -    控制措施和行为的方针和程序，包括数据审核程序用以核查是否符合程序要求 -    偏差管理，包括根本原因分析，影响分析和CAPA -    受过培训的有资质的人员了解遵守既定程序和记录其活动和决策的重要性 这些要素一起保证信息的准确性，包括用于做出关于产品质量关键决策的科学数据。
Complete	All information that would be critical to recreating an event is important when trying to understand the event. The level of detail required for an information set to be considered complete would depend on the criticality of the information. (see section 5.4 Data criticality). A complete record of data generated electronically includes relevant metadata.
完整	当试图了解一件事情时，所有在还原该事件时关键的信息都是重要的。一个信息需要考虑成为完成时所需的详细程度取决于信息的关键程度（参见第5.4部分数据关键程度）。一个由电子方式产生的数据的完整记录包括相关的元数据。
Consistent	Good Documentation Practices should be applied throughout any process, without exception, including deviations that may occur during the process. This includes capturing all changes made to data.
一致	优良文件记录规范应适用于所有过程，没有例外，包括在过程中发生的偏差。这包括了捕获对数据所做的所有变更。
Enduring	Part of ensuring records are available is making sure they exist for the entire period during which they might be needed. This means they need to remain intact and accessible as an indelible/durable record.
持久	保证记录可以获得的一部分内容是确保其在可能需要的整个时间段都存在。这表示他们需要用为一份清晰/持久的记录保持完好无损并且可以获取。
Available	Records must be available for review at any time during the required retention period, accessible in a readable format to all applicable personnel who are responsible for their review whether for routine release decisions, investigations, trending, annual reports, audits or inspections.
可获得	记录必须在其所要求的保存期间随时可以获得用于审核，负责其日常放行决策、调查、趋势分析、年报、审核或检查中审核的所有适合的人员都能可读格式获得。

7.6 If these elements are appropriately applied to all applicable areas of GMP and GDP-related activities, along with other supporting elements of a Pharmaceutical Quality Management System, the reliability of the information used to make critical decisions regarding drug products should be adequately ensured.

如果这些要素恰当应用于所有GMP和GDP相关活动领域，与其它PQMS的支持要素一起，用于做出药品关键决策的信息的可靠信就能得到充分保证。

---

[1] EMA guidance for GCP inspections conducted in the context of the Centralised Procedure

8 SPECIFIC DI CONSIDERATIONS FOR PAPER-BASED SYSTEMS 纸质系统特定DI考虑
8.1 Structure of quality management system (QMS) and control of blank forms/templates/records QMS结构和空白格式/模板/记录控制

8.1.1 The effective management of paper based documents is a key element of GMP/GDP. Accordingly the documentation system should be designed to meet GMP/GDP requirements and ensure that documents and records are effectively controlled to maintain their integrity.

纸质文件的有效管理是GMP/GDP的关键要素。因而，文件记录系统的设计应符合GMP/GDP要求，确保文件和记录有效受控，以保持其完整性。

8.1.2 Paper records must be controlled and must remain attributable, legible, indelible/durable, contemporaneous, original and accurate (ALCOA) throughout the data lifecycle.

纸质记录必须受控，必须在数据生命周期中保留其ALCOA属性。

8.1.3 Procedures outlining good documentation practices and arrangements for document control should be available within the QMS. These procedures should specify:

QMS内应该有文件控制程序列出优良文件记录规范和安排。这些程序应指定：

l  How master documents and procedures are created, reviewed and approved for use;

l  主记录和程序如何创建、审核和批准使用；

l  Generation, distribution and control of templates used to record data (master , logs, etc.);

l  用于记录数据的模板的生成、发放和控制（主文件、日志等）；

l  Retrieval and disaster recovery processes regarding records.

l  记录恢复和灾难恢复过程；

l  The process for generation of working copies of documents for routine use, with specific emphasis on ensuring copies of documents, e.g. SOPs and blank forms are issued and reconciled for use in a controlled and traceable manner.

l  生成日常使用的工作记录的流程，具体强调保证文件的副本，例如，SOP和空白表格应使用受控和可追溯方式发放和平衡数量；

l  Guidance for the completion of paper based documents, specifying how individual operators are identified, data entry formats and amendments to documents are recorded.

l  纸质文件填写指南，说明各操作人员如何识别记录，说明数据输入格式以及如何增补更正文件；

l  How completed documents are routinely reviewed for accuracy, authenticity and completeness;

l  填写完成的记录日常如何审核其准确性、可信性和完整性；

l  Processes for the filing, retrieval, retention, archival and disposal of records.

l  记录的填写、恢复、保存、归档和废弃流程；

l  How data integrity is maintained throughout the lifecycle of the data.

l  在整个数据的生命周期维护数据完整性。

8.2 Why is the control of records important? 记录控制为什么很重要？

l  Evidence of activities performed;

l  活动实施的证据；

l  Evidence of compliance with GMP requirements and company policies, procedures and work instructions;

l  符合GMP要求和公司方针、程序和工作指令的证据；

l  Effectiveness of Pharmaceutical QMS;

l  药物QMS有效性；

l  Traceability;

l  可追溯性；

l  Process authenticity and consistency ;

l  工艺真实性和一致性；

l  Evidence of the good quality attributes of the medicinal products manufactured; and

l  所生产的药品具有优良质量属性的证据；以及

l  In case of complaints, records could be used for investigational purposes.

l  如果有客户投诉，记录可以用于调查。

8.3 Generation, distribution and control of template records 模板记录的生成、发放和控制

8.3.1 Why is managing and controlling master records necessary? 为什么要管理和控制母版记录？

Managing and controlling master records is necessary to ensure that the risk of someone inappropriately using and/or falsifying a record ‘by ordinary means’ (i.e. not requiring the use of specialist fraud skills) is reduced to an acceptable level.

管理和控制母版记录对于保证将人们“通过常规方法”（即不需要使用专家级造假技巧）不恰当使用和/或伪造记录的风险降至可接受水平是必须的。

The following expectations should be implemented using a quality risk management approach, considering the risk and criticality of data recorded (see section 5.4, 5.5).

以下要求应使用质量风险管理方式实施，同时考虑数据记录的风险和关键程度（参见第5.4，5.5部分）。

8.4 Expectations for the generation, distribution and control of records 记录生成、发放和控制要求

Expectations 要求		Potential risk of not meeting expectations/items to be checked 不符合要求时需要检查的潜在风险
Item:	Generation 产生
1	All documents should have a unique identification number (including the version number) and should be checked, approved, signed and dated. The use of uncontrolled documents should be prohibited by local procedures. The use of temporary recording practices, e.g. scraps of paper should be prohibited.	Uncontrolled documents increase the potential for omission or loss of critical data as these documents may not be designed to correctly record critical data. It may be easier to falsify uncontrolled records. Risk of using superseded forms if there is no version control or controls for issuance.
	所有文件均应有唯一的识别号（包括版本号），应进行检查、批准、签名并签署日期。 应通过程序禁止使用非受控文件。应禁止使用临时记录的做法，例如刮擦纸张。	非受控文件记录增加了关键数据丢失或忽略的可能性，因为这些文件记录的设计不利于正确记录关键数据。 伪造非受控的记录可能会更容易一点。 如果没有版本控制和发放控制，则会产生使用失效的格式的风险。
2	The document design should provide sufficient space for manual data entries.	Handwriting data may not be clear and legible if the spaces provided for data entry are not sufficiently sized. If additional pages of the documents are added to allow complete documentation, the number of, and reference to any pages added should be clearly documented on the main record page and signed.
	记录设计应留出足够的空白让员工书写数据。	如果没有留出足够的空白，手书记录可能会不清楚，无法阅读。 如果给记录附加了页，使得员工可以写完记录内容，则每页应该加编号和索引号，并记录在主记录页中，并在加页上签字。
3	The document design should make it clear what data is to be provided in entries.	Ambiguous instructions may lead to inconsistent/incorrect recording of data. Ensures clear, contemporaneous and indelible/durable completion of entries.
	文件设计时应写清楚在输入中要提供什么数据。	指令不清可能会导致数据记录不一致/不正确。 保证书写内容清楚、同步、可读/持久及完整。
4	Documents should be stored in a manner which ensures appropriate version control. Master copy (in soft copy) should be prevented from unauthorised or inadvertent changes. E.g.: For the template records stored electronically, the following precautions should be in place: -    Access to master templates should be controlled; -    process controls for creating and updating versions should be clear and practically applied/verified; -    master documents should be stored in a manner which prevents unauthorised changes;	Inappropriate storage conditions can allow unauthorised modification, use of expired and/or draft documents or cause the loss of master documents. The processes of implementation and the effective communication are just as important as the document. Master copies should contain distinctive marking so to distinguish the master from a copy, e.g. use of colored papers or inks so as to prevent inadvertent use.
	文件记录存贮方式应保证受到恰当的版本控制。 主文件（软复本）应保护不会被未经授权或不经意地修改。例如，对于以电子方式存贮的模板式记录，应有以下注意事项： -    应控制接触模板母本的权限 -    版本创建和更新过程控制应清楚，并实际可操作/核查 -    主文件存贮方式应能防止未经授权的修改	不恰当的存贮条件可能会发生未经授权的修改、使用过期的和/或草稿文件或导致主文件丢失。 实施流程和有效沟通与文件一样重要。 主件应有清楚标识，与副本相区别，例如，使用有颜色的纸张或墨水，这样防止不经意误用。
Item:	Distribution and Control 分发和控制
1	Updated versions should be distributed in a timely manner. Obsolete master documents and files should be archived and their access restricted. Any issued and unused physical documents retrieved and destroyed accordingly.	There may be a risk that obsolete versions can be used by mistake if available for use.
	更新后的版本应及时分发。 过期母版文件记录应归档，接受它们的权限应进行限制。 所有已发放但未使用的纸质文件应相应收回和销毁。	如果过期版本能够被拿到，则有被误用的风险。
2	Issue should be controlled by written procedures that include the following controls: -    using of a secure stamp, or paper color code not available in the working areas or another appropriate system. -    ensuring that only the current approved version is available for use. -    allocating a unique identifier to each blank document issued and recording the issue of each document in a register. -    numbering every distributed copy (e.g.: copy 2 of 2) and sequential numbering of issued pages in bound books. -    Where the re-issue of additional copies of the blank template is necessary, a controlled process regarding re-issue should be followed. All distributed copies should be maintained and a justification and approval for the need of an extra copy should be recorded, e.g.: “the original template record was damaged”. -    All issued records should be reconciled following use to ensure the accuracy and completeness of records.	Without the use of security measures, there is a risk that rewriting or falsification of data may be made after photocopying or scanning the template record (which gives the user another template copy to use). Obsolete version can be used intentionally or by error. A filled record with an anomalous data entry could be replaced by a new rewritten template. All unused forms should be accounted for, and either defaced and destroyed, or returned for secure filing.
	应有书面程序控制记录分发，包括以下控制： -    使用工作区域无法获得的安全保存的印章或有色纸，或者使用其它合适的系统 -    保证只能获得批准的现行版本供使用 -    为发放的每份空白记录给定一个唯一识别标志，并在登记册上记录每份文件的发放 -    为每个分发的副本编号（例如，副本2，共有2），对装订成册的记录每页均给定连续编号 -    如果需要多次发放空白模板副本，则应遵守多次发放的受控程序。所有发放的副本均应维护，需要额外副本的时应说明和批准并记录，例如“原模板记录受损”。 -    所有发放的记录在使用后应计数平衡，以保证记录的准确性和完整性。	如果不使用安全措施，则会存在影印或扫描模板记录（当发给用户一个模板使用时）后重新书写或伪造数据的见险。 过期版本可能会被有意或无意使用。 填写好的记录如果有反常数据输入，可能会被使用新的重写过的模板替换。 所有未使用的表格均应计数，要么划掉并销毁，要么退回安全归档。

8.4.1 An index of all the template records should be maintained by QA organisation. This index should mention for each type of template record at least the following information: title, reference number including version number, location (e.g., documentation data base, effective date, next review date, etc.

QA部门应维护一份所有模板记录的清单。此索引清单应至少提到各类模板记录中的以下信息：标题、索引号包括版本号、位置（例如，文件记录数据库）、有效日期、下次审核日期等。

8.5 Use and control of records within production areas 生产区域记录使用和控制

8.5.1 Records should be appropriately controlled in the production areas by designated persons or processes. These controls should be carried out to minimize the risk of damage or loss of the records and ensure data integrity. Where necessary, measures must be taken to protect records from being soiled (e.g. getting wet or stained by materials, etc).

在生产区域的记录应由指定人员或流程进行恰当控制。应实施这些控制来减少记录受损或丢失的风险，保证数据完整性。必要时，必须采取措施保护记录不被污损（例如，弄湿或被物料弄脏等）。

8.6 Filling out records 记录填写

8.6.1 The items listed in the table below should be controlled to assure that a record is properly filled out.

下表中列出的项目应进行控制，以保证记录填写符合要求。

Expectations 要求

Specific elements that should be checked / Potential risk of not meeting expectations

应检查的具体要素/不符合要求的潜在风险

Item项目

Completion of records 记录完成

1

Handwritten entries must be made by the person who executed the task.

Unused, blank fields within documents should be crossed-out, dated and signed.

Handwritten entries should be made in clear and legible writing.

The completion of date fields should be done in the format defined for the site. E.g. dd/mm/yyyy or mm/dd/yyyy.

Check that handwriting is consistent for entries made by the same person.

Check the entry is legible and clear (i.e. unambiguous; and does not include the use of unknown symbols / abbreviation, e.g. use of ditto (“) marks.

Check for completeness of data recorded.

Check correct pagination of the records and are all pages present.

手书记录必须是执行任务的人书写。

文件中未经使用的空白格应划掉、签名并书写日期。

手书记录应清晰可读。

日期格式应按工厂要求填写完整，例如：2位日+2位月+4位年，或者是2位月+2位日+4位年

检查同一员工填写的记录笔迹一致。

检查书写内容清晰可读（即，没有不清楚，不包括使用未知符合/缩写，例如使用表示重复内容的两点。

检查所记录数据是否完整。

检查记录页编号是否正确，是否无缺失页。

2

Filling out operations should be contemporaneous[1].

Verify that records are available within the immediate areas in which they are used, i.e Inspectors should expect that sequential recording can be performed at the site of operations. If the form is not available at the point of use, this will not allow operators to fill in records at the time of occurrence.

操作内容的填写必须同步。

核查记录是否在其使用区域可以获得，即，检查员应要求在操作现场就地完成记录。如果在使用点找不到记录，则操作员不可能在操作同时填写记录。

3

Records should be indelible.

Check that written entries are in ink, which is not erasable and/or will not smudge or fade (during the retention period).

Check that the records were not filled out using pencil prior to use of pen (overwriting).

Note that some paper printouts from systems may fade over time, e.g. thermal paper.

记录应可读。

检查书写内容是否用墨水写就，应不可擦除和/或模糊褪色（在保存期间）。

检查记录是否在用铅笔书写之前用铅笔写过（套写）。

注意一些从系统里打印的纸质打印件可能会在一定时长后褪色，例如热敏纸。

4

Records should be signed and dated using a unique identifier that is attributable to the author.

Check that there are signature and initials logs, that are controlled and current and that demonstrate the use of unique examples, not just standardized printed letters.

Ensure that all key entries are signed & dated, particularly if steps occur over time, i.e. not just signed at the end of the page and/or process.

The use of personal seals is generally not encouraged; however, where used, seals must be controlled for access.

There should be a log which clearly shows traceability between an individual and their personal seal. Use of personal seals must be dated (by the owner), to be deemed acceptable.

记录的签名和日期应有唯一的识别标志，可以追溯到书写人。

检查是否有签名和首字母名清单。清单应该受控并且是现行的，它证明使用了唯一的样子，而不只是标准化印刷的字母。

保证所有关键的书写内容都有签字和日期，尤其是如果步骤发生在一定时长内，即不止是在页尾和/或工艺结束时签字。

应该有一份清单，在其中显示个人及其名鉴之间的可追溯性。使用个人名鉴必须要有日期（持有人书写），这样是可以接受的。

8.7 Making corrections on records 记录更正

Corrections to the records must be made in such way that full traceability is maintained.

对记录进行更正必须保持全面可追溯性。

Item 项目	How should records be corrected? 记录要如何更正？	Specific elements that should be checked when reviewing records: 在审核记录时要检查的具体要素：
1	Cross out what is to be changed with a single line. Where appropriate, the reason for the correction must be clearly recorded and verified if critical. Initial and date the change made.	Check that the original data is readable not obscured (e.g.: not obscured by use of liquid paper; overwriting is not permitted) If changes have been made to critical data entries, verify that a valid reason for the change has been recorded and that supporting evidence for the change is available. Check for unexplained symbols or entries in records
	用单删除线划掉要更正的部分。 适当时必须清楚记下更正的理由，关键的话还要核查。 更正人签名首字母和日期。	检查原始记录是否被遮盖，是否仍可读（例如，没有使用修正液遮盖，不允许重叠书写）。 如果是对关键数据进行更正，则要核查是否记录了有效的更正理由，以及是否有支持变更的证据。 检查记录中没有解释的符合或内容。
	Corrections must be made in indelible ink.	Check that written entries are in ink, which is not erasable and/or will not smudge or fade (during the retention period). Check that the records were not filled out using pencil prior to use of pen (overwriting).
	更正必须采用不可擦除的墨水。	检查书写是否使用的墨水，是否不能擦除和/或模糊或褪色（在存贮期间）。 检查记录填写是否在用铅笔之前用铅笔打底（套写）。

8.8 Verification of records (secondary checks) 记录核查（第二人检查）

Item 项目	When and who should verify the records? 什么人什么时间要对记录进行核查？	Specific elements that should be checked when reviewing records: 在审核记录时要检查哪些具体要素：
1	A- Batch production records of critical process steps should be: -    reviewed/witnessed by designated personnel (e.g.: production supervisor) at the time of operations occurring; and -    reviewed by an authorised person within production before sending them to the QC department; and - reviewed and approved by the Quality Assurance Unit (e.g. Authorised Person / Qualified Person) before release or distribution of the batch produced. B- Batch production records of non-critical process steps is generally reviewed by production personnel according to an approved procedure. This verification must be conducted after performing production-related tasks and activities. This verification must be signed or initialed and dated by the appropriate persons. Local SOPs must be in place to describe the process for review of written documents.	Verify the process for the handling of production records within processing areas to ensure they are readily available to the correct personnel at the time of performing the activity to which the record relates. Verify that any secondary checks performed during processing were performed by appropriately qualified and independent personnel, e.g. production supervisor or QA. Check that documents were reviewed by production and then quality personnel following completion of operational activities.
	A-关键工艺步骤的批生产记录应： -    由指定人员（例如生产主管）在操作发生时进行审核/现场查看；并且 -    由生产部门内经过授权的人员在将记录送交QC部门前进行审核，并且由QA部门（例如授权人/QP）进行审核和批准，然后放行或销售所生产的批次 B-非关键工艺步骤的批生产记录通常由生产部人员根据批准的程序进行审核。 此核查必须在生产相关任务和活动实施之后再执行。此核查必须由适当的人员签字或签首写字母并签署日期。 必须有SOP描述书面文件记录的审核流程。	核查生产区域内处理生产记录的程序以保证正确的人员在实施记录相关操作时可以很容易获取该记录。 核查是否在工艺期间由适当资质和独立的人员，例如生产主管或QA进行第二人检查。 检查文件记录是否在操作活动完成之后由生产部审核，然后由质量人员审核。
	How should records be double checked? 如何对记录进行双重检查？	Specific elements that should be checked when reviewing records: 在审核记录时要检查哪些具体要素：
2	Check that all the fields have been completed correctly using the current (approved) templates, and that the data was critically compared to the acceptance criteria. Check items 1, 2, 3, and 4 of section 8.5 and Items 1 and 2 of section 8.6.	Inspectors should review company procedures for the review of manual data to determine the adequacy of processes. Check that the secondary reviews of data include a verification of any calculations used. View original data (where possible) to confirm that the correct data was transcribed for the calculation.
	检查是否所有空格都使用现行（批准的）模板填写完整正确，相比于可接受标准此数据是否关键。 检查第8.5部分的项目1、2、3和第8.6部分的项目1和2.	检查员应审核公司审核人工数据的程序以确定程序的充分性。 检查对数据是否有第二人审核，包括对所用计算方法的核查。 查看原始数据（如可能）以确认转抄用于计算的数据是正确的。

8.9 Maintaining Records 记录维护

Item 项目	How should records be maintained? 记录应如何维护？	Specific elements that should be checked when reviewing records: 审核记录时应检查的特定要素：
1	Companies should implement a defined system(s) for storage and recovery of records. All records must be stored in the specified location in a traceable and accessible manner. Systems should ensure that all GMP/GDP relevant records are stored for periods that meet GMP/GDP requirements[2].	Check if the records are stored in an orderly manner and are easily identifiable.
	公司应定义并实施记录存贮和恢复系统。 所有记录必须存贮在指定的位置，可以追踪并可以获得。 系统应确保所有GMP/GDP相关记录存贮时长符合GMP/GDP要求的时长。	检查记录存贮方式是否有序，易于识别。
2	All records should be protected from damage or destruction by: -    fire; -    liquids (e.g. water, solvents and buffer solution); -    rodents; -    hygrometry etc. -    unauthorised personnel access, who may attempt to amend, destroy or replace records	Check if there are systems in place to protect records (e.g. pest control and sprinklers). Note: Sprinkler systems can be implemented provided that they are designed to prevent damage documents, e.g. documents are protected from water (e.g. by covering them with plastic film).
	所有记录应受到保证，不会受到以下操作或毁坏： -    火 -    液体（例如，水、溶剂和缓冲液） -    啮齿动物 -    湿度测定等 -    未经授权的人员进入，该人可能试图修改、损毁或替换记录	检查是否存在有系统保护记录（例如，虫鼠控制和自动喷淋灭火装置）。 注：如果自动喷淋系统是设计来保护文件的，例如，文件是防水的（例如，文件已用塑料膜覆盖），则可以实施自动喷淋系统
3	Strategy for disaster recovery	Check for system is in place for the recovery of records in a disaster situation
	灾难恢复策略	检查是否具备灾难情形下恢复记录的系统。

8.10 Direct print-outs from electronic systems 从电子系统直接打印出的打印件

8.10.1 Paper records generated by very simple electronic systems, e.g. balances, pH meters or simple processing equipment which do not store data provide limited opportunity to influence the presentation of data by (re-)processing, changing of electronic date/time stamps. In these circumstances, the original record should be signed and dated by the person generating the record and the original should be attached to batch processing records.

从不存贮数据的非常简单的电子系统，如天平、pH计或简单工艺设备中产生的纸质记录，其通过对数据进行再处理、改变电子日期/时间戳的方式影响数据呈现的机会受到限制，则可以由生成记录的人对原始记录签名日期，并将原始记录附入批处理记录。

8.11 True copies 真实备份

8.11.1 Copies of original paper records (e.g. analytical summary reports, validation reports etc.) are generally very useful for communication purposes, e.g. between companies operating at different locations. These records must be controlled during their life cycle to ensure that the data received from another site (sister company, contractor etc.) are maintained as “true copies” where appropriate, or used as a “summary report” where the requirements of a “true copy” are not met (e.g. summary of complex analytical data).

原始纸质记录（例如，分析汇总报告，验证报告等）的副本一般在交流时非常有用，例如，当公司在不同地方操作时。这些记录必须在其生命周期中受控，以确保从另一场所（兄弟公司，合同商等）收集来的数据在适当时作为“真实备份”得到维护，或者是在不符合“真实备份”要求（例如，复杂的分析数据的汇总）时用作“总结报告”。

8.11.2 It is conceivable for raw data generated by electronic means to be retained in an acceptable paper or pdf format, where it can be justified that a static record maintains the integrity of the original data. However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, software / system configuration settings specific to each analytical run, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set. It would also require a documented means to verify that the printed records were an accurate representation. This approach is likely to be onerous in its administration to enable a GMP compliant record.

可以想象，对于电子方式产生的原始数据会以可接受的纸质方式或PDF格式保存，这时可以论证静态的记录维持了原始数据的完整性。但是，数据保存流程必须包括对经过核对的所有原始数据、元数据、相关审核追踪和结果文件、每次分析运行时的软件/系统参数设置、以及所有过程运行数据（包括方法和审核追踪），这是重新构建指定的原始数据系列时所需要的内容。这也要求有书面方法来核查所打印的记录是一份准确的表达。这种方法可能会太麻烦，难以管理让其符合GMP记录要求。

8.11.3 Many electronic records are important to retain in their dynamic (electronic) format, to enable interaction with the data. Data must be retained in a dynamic form where this is critical to its integrity or later verification. This should be justified based on risk.

许多电子记录要保存在其动态（电子）格式，使得可以与数据互动。数据必须以对其完整性至为关键的形式保存，并要在保存后进行核查。应基于风险来论证此方式。

8.11.4 At the receiving site, these records (true copies) may either be managed in a paper or electronic format (e.g., PDF) and should be controlled according to an approved QA procedure.

在接收场所，这些记录（真实副本）可以以纸质方式或电子格式（例如PDF）保存，应根据批准的QA程序受控。

8.11.5 Care should be taken to ensure that documents are appropriately authenticated as “true copies” either through the use of handwritten or digital signatures.

应小心确保文件经过适当的“真实副本”认证，可以是通过手书或数字签名达到此目的。

Item 项目	How should the “true copy” be issued and controlled? “真实备份”应如何签发和受控？	Specific elements that should be checked when reviewing records: 在审核记录时要检查的具体要素：
1	Creating a “true copy” of a paper document. At the company who issues the true copy: -    Obtain the original of the document to be copied -    Photocopy the original document ensuring that no information from the original copy is lost; -    Verify the authenticity of the copied document and sign and date the new hardcopy as a “true copy”; The “True Copy” may now be sent to the intended recipient. Creating a “true copy” of a electronic document. A ‘true copy’ of an electronic record should be created by electronic means (electronic file copy), including all required metadata. Creating pdf versions of electronic data should be discouraged, as this is equivalent to a printout from the electronic system, which risks loss of metadata. The “True Copy” may now be sent to the intended recipient. A distribution list of all issued “true copies” (soft/hard) should be maintained.	Verify the procedure for the generation of true copies. Check that true copies issued are identical (complete and accurate) to original records. Copied records should be checked against the original document records to make sure there is no tampering of the scanned image. Check that scanned or saved records are protected to ensure data integrity. After scanning paper records and verifying creation of a ‘true copy’, it may be possible to permit destruction of the original documents from which the scanned images have been created. There should be a documented approval process for this destruction.
	创建一份纸质文件的“真实备份”。 在签发真实备份的公司： -    获得要备份的文件原件 -    对原始文件进行影印，确保没有遗漏原件上任何信息 -    核对复印件的真实性，在复印件上签名/日期，将新的复印件作为“真实备份” “真实备份”现在可以发送给接收方。 创建一份电子文件的“真实备份”。 电子记录的“真实备份”应采用电子方式创建（电子文件备份），包括所有所需的元数据。不鼓励创建电子数据的PDF版本，因为这等于从电子系统打印出一份打印件，这时有丢失元数据的风险。 “真实备份”现在可以发送给接受方。 要维护所有签发的“真实备份”（软备份/硬备份）的发放清单。	核查真实备份的生成流程。 检查所签发的真实备份是否与原始记录相同（完整准确）。备份记录应和原始文件记录对比检查，确认没有篡改扫描影像。 检查扫描或保存的记录受到保护，能保证数据完整性。 在扫描了纸质记录和核对“真实备份”的创建后，可以允许销毁已经扫描创建过“真实备份”的原始文件。 此销毁过程应有书面批准的程序。
2	At the company who receives the true copy: -    The paper version, scanned copy or electronic file should be reviewed and filed according to good document management processes. The document should clearly indicate that it is a true copy and not an original record.	Check that received records are checked and retained appropriately. A system should be in place to verify the authenticity of “true copies” e.g. through verification of the correct signatories.
	收到真实备份的公司： -    纸质版本、扫描备份或电子文件应根据优良文件记录管理流程进行审核和存档。 文件记录应清楚显示其是真实备份，而不是原始记录。	检查所收到的记录是否经过适当的检查和保存。 应该有一个系统核对“真实备份”的正被性，例如，通过验证其正确签名。

8.11.6 A quality agreement should be in place to address the responsibilities for the generation and transfer of “true copies” and data integrity controls. The system for the issuance and control of “true copies” should be audited by the contract giver and receiver to ensure the process is robust and meets data integrity principles.

应有质量协议说明“真实备份”产生和转移的职责以及数据完整性控制。签发和控制“真实备份”的系统应由合同发包方和合同接受方进行审计，以确保流程稳健，符合数据完整性原则。

8.12 Limitations of remote review of summary reports 对汇总报告进行远程审核的局限性

8.12.1 The remote review of data within summary reports is a common necessity; however, the limitations of remote data review must be fully understood to enable adequate control of data integrity.

对汇总报告中的数据进行远程审核通常是必须的。但是，必须全面了解远程数据审核的局限性，以对数据完整性进行充分控制。

8.12.2 Summary reports of data are often supplied between physically remote manufacturing sites, Market Authorisation Holders and other interested parties. However, it must be acknowledged that summary reports are essentially limited in their nature, in that critical supporting data and metadata is often not included and therefore original data cannot be reviewed.

数据汇总报告通常会在物理距离上比较远的生产场所、上市许可持有人和其它利益相关方之间传递。但是，必须知道汇总报告从根本上来说受限于其特性，其中通常并不包括关键支持性数据和元数据，因此无法对原始数据进行审核。

8.12.3 It is therefore essential that summary reports are viewed as but one element of the process for the transfer of data and that interested parties and inspectorates do not place sole reliance on summary report data.

因此有必要仅是将审核汇总报告作为数据转移过程中的一个环节，利益相关方和检查组织并不仅仅依赖于汇总报告的数据。

8.12.4 Prior to acceptance of summary data, an evaluation of the supplier’s quality system and compliance with data integrity principles should be established through on-site inspection when considered important in the context of quality risk management.

在接受汇总数据之前，考虑到质量风险管理环境下其重要性，应通过现场检查对供应商的质量体系和数据完整性原则符合性进行评估。

The inspection should ensure the veracity of data generated by the company, and include a review of the mechanisms used to generate and distribute summary data and reports.

检查应确保公司所产生的数据的真实性，包括对用来产生和分发汇总数据和报告体制的审核。

8.13 Document retention (Identifying record retention requirements and archiving records) 文件记录保存（识别记录保存要求和归档记录）

8.13.1 The retention period of each type of records should (at a minimum) meet those periods specified by GMP/GDP requirements. Consideration should be given to other local or national legislation that may stipulate longer storage periods.

每类记录的保存时长应（至少）符合GMP/GDP要求中指定的时长。应考虑其它可能规定了更长保存期限的当地或国家法规。

8.13.2 The records can be retained internally or by using an outside storage service subject to quality agreements. A risk assessment should be available to demonstrate retention systems/facilities/services are suitable and that the residual risks are understood.

记录可以内部保存，也可以使用外部保存服务，但要签订质量协议。应进行风险评估证明保存系统/设施/服务是适当的，并了解残留风险。

Item 项目	Where and how should records be archived? 在哪儿如何归档记录？	Specific elements that should be checked when reviewing records: 审核记录时要检查的具体要素
1	A system should be in place describing the different steps for archiving records (identification of archive boxes, list of records by box, retention period, archiving location etc.).	Check that the system implemented for retrieving archived records is effective and traceable. Check that access to archived documents is restricted to authorized personnel ensuring integrity of the stored records. The storage methods used should permit efficient retrieval of documents when required.
1	应有一个系统描述归档记录的不同步骤（档案盒识别、盒中记录清单、保存期限、存档位置等）。	检查归档记录恢复实施系统是否有效和可追踪。 检查归档文件接触权限是否仅限于被授权的人员，能确保所存贮记录的完整性。 所用保存方法应能在必要时对文件进行有效恢复。
2	All hardcopy quality records should be archived in: -    secure locations to prevent damage or loss; -    such a manner that it is easy retrievable. -    Ensure that records are likely durable for their archived life	Check for the outsourced archived operations if there is a quality agreement in place and if the storage location was audited. Ensure there is some assessment of ensuring that documents will still be legible/available for the entire archival period. Check that access to archived documents is restricted to authorized personnel ensuring integrity of the stored records. The storage methods used should permit efficient retrieval of documents when required.
2	所有纸质质量记录应存档在： -    安全的位置，防止损坏或物超所值 -    其保存方式应易于恢复； -    确保记录能持久保存达到其生命周期。	检查外包操作是否有质量协议，是否对存放位置进行了审核。 确保有一些评估，保证文件在整个归档周期都清晰.可以获得。 检查归档文件的进入权限是否仅限于被授权的人员，能确保所存贮记录的完整性。 所用存贮方法应能保证必要时有效恢复文件。

8.14 Disposal of original records 原始记录的废弃

8.14.1 A documented process for the disposal of records should be in place to ensure that the correct original records are disposed of after the defined retention period. The system should ensure that current records are not destroyed by accident and that historical records do not inadvertently make their way back into the current record stream (eg. Historical records confused/mixed with existing records.)

记录废弃处理应有书面程序，以确保销毁的是超过既定保留时长的正确的原始记录。系统应保证现行记录不会被错误销毁，历史记录不会阴差阳错回到现行记录流（例如，历史记录与现有记录混淆/混合）。

8.14.2 A record/register should be available to demonstrate appropriate and timely destruction of retired records.

应该能提供记录/登记册证明对退役的记录进行了适当及时的销毁。

8.14.3 Measures should be in place to reduce the risk of deleting the wrong documents. The access rights allowing deletion of records should be limited to few persons.

应该的措施降低删除错误文件的风险。进入删除文件权限应限制授权给很少数人。

8.14.4 In case of printouts which are not permanent (e.g. thermo transfer paper) a verified (‘true’) copy may retained, and it is possible to discard the non- permanent original

如果打印件不是永久的（例如，热敏纸），则应保存经过验证（真实）的副本，可以废弃非永久性记录原件。

8.14.5 Paper records may be replaced by Scans provided that the principles of ‘true copy’ are addressed (see section 8.11.5)

如果“真实备份”的原则有进行说明，则可以采用扫描件替代纸质文件来保存（参见第8.11.5部分）。

---

[1] The use of scribes to record activity on behalf of another operator should be considered ‘exceptional’, and only take place where:

l   The act of recording places the product or activity at risk e.g. documenting line interventions by sterile operators.

l   To accommodate cultural or staff literacy / language limitations, for instance where an activity is performed by an operator, but witnessed and recorded by a Supervisor or Officer.

In both situations, the supervisory recording must be contemporaneous with the task being performed, and must identify both the person performing the observed task and the person completing the record. The person performing the observed task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be described in an approved procedure, which should also specify the activities to which the process applies.

使用记录员来代替另一人记录所操作事件应作为“例外情况”，只有在以下情况可以使用：

?   记录活动会让产品或活动处于风险之中，例如，记录无菌操作人员对生产线的人工干预情况

?   适应文化或员工文化水平/语言限制，例如，一个操作工实施活动，主管或管理员在现场查看并记录。

在两种情形下，监管式记录都必须与所实施的任务同步，必须写明完成该任务和完成记录的人员姓名。实施所观察任务的人员应在可能时就对记录进行会签，这时的会签是回顾式的，是可以接受的。监管（记录）记录完成的过程应一个批准的程序中描述，还应该指定该程序适用的活动。

[2] Note that storage periods for some documents may be dictated by other local or national legislation.

注意有些文件记录的存贮期限可能是有当地或国家法律规定的。

9 SPECIFIC DATA INTEGRITY CONSIDERATIONS FOR COMPUTERISED SYSTEMS 计算机化系统具体数据完整性考虑
9.1 Structure of the QMS and control of computerised systems QMS结构和计算机化系统的控制

9.1.1 A large variety of computerised systems are used by companies to assist in a significant number of operational activities. These range from the simple standalone to large integrated and complex systems, many of which have an impact on the quality of products manufactured. It is the responsibility of each regulated entity to fully evaluate and control all computerised systems and manage them in accordance with GMP[1] and GDP[2] requirements.

公司使用大量不同的计算机化系统来辅助大量的操作活动。其范围从简单的单机到大型集成复杂系统，其中许多对所生产的药品质量产生影响。各受法规约束的主体有责任全面评估和控制所有计算机化系统，以及根据GMP和GDP要求对其进行管理。

9.1.2 Organisations should be fully aware of the nature and extent of computerized systems utilised, and assessments should be in place that describe each system, its intended use and function, and any data integrity risks or vulnerabilities that may be susceptible to manipulation. Particular emphasis should be placed on determining the criticality of computerised systems and any associated data, in respect of product quality.

公司应深刻了解其所采用的计算机化系统的属性和深度，应进行评估描述每个系统，其既定用途以及功能，和所有数据完整性风险，或易被篡改的脆弱点。尤其应强调要确定计算机化系统及所有相关数据 在药品质量方面的关键程度。

9.1.3 All computerised systems with potential for impact on product quality should be effectively managed under a mature quality management system which is designed to ensure that systems are protected from acts of accidental or deliberate manipulation, modification or any other activity that may impact on data integrity.

所有对药品质量有潜在影响的计算机化系统均应在成熟的质量管理体系里进行有效管理。质量管理体系设计应保系统受到保护，不会被事故或有意篡改、修订，或受到任何可能影响数据完整性的活动的侵害。

9.1.4 When determining data vulnerability and risk, it is important that the computerized system is considered in the context of its use within the business process. For example, data integrity of an analytical method with computerised interface is affected by sample preparation, entry of sample weights into the computerized system, use of the computerised system to generate data, and processing /recording of the final result using that data.

在确定数据弱点和风险时，很重要的一点是要在业务流程内其使用环境下考虑计算机化系统。例如，一个有计算机化界面的分析方法的数据完整性会受到样品制备、将样品重要输入计算机化系统、使用计算机化系统产生数据，以及使用这些数据处理/记录最终结果的影响。

9.1.5 The guidance herein is intended to provide specific considerations for data integrity in the context of computerised systems. Further guidance regarding good practices for computerised systems may be found in the PIC/S Good Practices for Computerised Systems in Regulated “GxP” Environments (PI 011).

指南此处旨在提供计算机化系统环境下数据完整性的具体考虑。关于优良计算机化系统的规范可以在PIC/S在受法规约束的GXP环境下计算机化系统优良规范（PI 011）中找到。

9.2 Qualification and validation of computerised systems 计算机化系统的确认和验证

9.2.1 The qualification and validation of computerised systems should be performed in accordance with the relevant GMP/GDP guidelines; the tables below provide clarification regarding specific expectations for ensuring good data governance practices for computerised systems.

计算机化系统的确认和验证应根据相关的GMP/GDP指南实施，下表提供了关于保证计算机化系统优良数据管理规范的具体要求。

	Expectations 要求	Potential risk of not meeting expectations/items to be checked 潜在不符合要求风险/要检查的项目
Item: 项目	Validation Documentation 验证文件记录
1	Regulated users should have an inventory of all computerised systems in use. This list should include reference to: -    The name, location and primary function of each computerized system; -    Assessments of the function and criticality of the system and associated data; (e.g. direct GMP/GDP impact, indirect impact, none) -    The current validation status of each system and reference to existing validation documents. Risk assessments should be in place for each system, specifically assessing the necessary controls to ensure data integrity. The level and extent of validation for data integrity should be determined based on the criticality of the system and process and potential risk to product quality, e.g. processes or systems that generate or control batch release data would generally require greater control than those systems managing less critical data or processes. Consideration should also be given to those systems with higher potential for disaster, malfunction or situations in which the system becomes inoperative. Assessments should also review the vulnerability of the system to inadvertent or unauthorised changes to critical configuration settings or manipulation of data. All controls should be documented and their effectiveness verified.	Companies that do not have adequate visibility of all computerised systems in place may overlook the criticality of systems and may thus create vulnerabilities within the data lifecycle. An inventory list serves to clearly communicate all systems in place and their criticality, ensuring that any changes or modifications to these systems are controlled. Verify that risk assessments are in place for critical processing equipment and data acquisition systems. A lack of thorough assessment of system impact may lead to a lack of appropriate validation and system control. Examples of critical systems to review include: -    Systems used to control the purchasing and status of products and materials; -    Systems for the control and data acquisition for critical manufacturing processes; -    Systems that generate, store or process data that is used to determine batch quality; -    Systems that generate data that is included in the Batch processing or packaging records; -    Systems used in the decision process for the release of products.
	受法规约束的用户应对所有在用计算机化系统有一个清单。该清单包括以下内容： -    每个计算机化系统的名称、位置和基本功能 -    对系统的功能和关键程度及相关数据进行评估，（例如，直接GMP/GDP影响，间接影响，无影响） -    每个系统当前的验证状态，对现有文件的引用 对每个系统均应有风险评估，尤其要评估控制的必要性，以保证数据完整性。数据完整性验证的水平和深度应根据系统和流程的关键程度，以及对药品质量的潜在风险确定，例如，产生或控制批放行数据的流程或系统需要的控制比管理较不关键数据的系统或流程更高。 还要考虑那些会导致系统无法运行的灾难、故障或情形可能性。 评估还应该审核系统被无意或未经授权修改关键参数设置或数据篡改的弱点。所有控制均应记录，并核查其有效性。	计算机化系统没有充分可见性的公司可能会忽视系统的关键程度，从而在数据生命周期内产生弱点。 清单是为了明了所有已有系统及其关键程度，确保这些系统所有变更或修改均受到控制。 核查关键工艺设备和数据获取系统是否有风险评估。系统影响缺乏全面评估可能会导致缺乏适当的验证和系统控制。要审核的关键系统例子包括： -    用于控制采购和产品和物料状态的系统； -    关键生产工艺控制和数据获取系统； -    产生、存贮或处理用于决定批质量的系统； -    产生包括在批加工或批包装记录里的数据的系统； -    用于产品放行决策流程的系统。
2	A Validation Summary Report for each computerised system written by the Quality Unit should be in place and state at least the following items: -    Critical system configuration details and controls for restricting access to configuration and any changes (change control). -    A list of currently approved users, specifying the users name and surname, and any specific usernames. -    Identity and permitted activities (privileges) for each user of the system. -    Identity and role of the System Administrator. -    Frequency of review of audit trails and system logs. -    Procedures for: l   how a new system user is created; l   the process for the modification (change of privileges) for an existing user; l   the process of deleting users; l   arrangements for backup and frequency; l   A description of the recovery process in case of an incident; l   Process and responsibilities for data archiving; l   Approved locations for data storage. -    It should be clearly stated that the original data are retained with relevant metadata in a form that permits the reconstruction of the manufacturing process or the analytical activity.	Check that validation systems and reports specifically address data integrity requirements following GMP/GDP requirements and considering ALCOA principles. System configuration and segregation of duties (e.g. authorisation to generate data should be separate to authorisation to verify data) should be defined prior to validation, and verified as effective during testing. Check the procedures for system access to ensure modifications or changes to systems are restricted and subject to change control management. Ensure that system administrator access is restricted to authorised persons and is not used for routine operations. Check the procedures for granting, modifying and removing access to computerised systems to ensure these activities are controlled. Check the currency of user access logs and privilege levels, there should be no unauthorized users to the system and access accounts should be kept up to date. There should also be restrictions to prevent users from amending audit trail functions.
	质量部门应为每个计算机化系统制订验证摘要报告，其中至少要声明以下项目： -    关键系统参数设置细节，限制参数修改和任何变更的控制（变更控制）。 -    目前已批准用户的清单，说明用户姓名以及具体的用户名。 -    系统每个用户的身份及所允许的权限（授权）。 -    系统管理员的身份和职责。 -    对审计追踪和系统日志审核的频次。 -    以下操作的流程： l   如何创建新的系统用户； l   修改已有用户的流程（变更权限）； l   删除用户的流程； l   备份安排和备份频次； l   有事故发生时的恢复流程描述； l   数据归档流程和职责； l   批准的数据存贮位置。 -    应清楚说明原始数据与相关元数据保留的形式允许对生产工艺或分析活动进行重新构建。	检查验证系统和报告，特别要强调遵守GMP/ GDP要求，考虑ALCOA的数据完整性要求。 系统参数设置和职责划分（例如，产生数据的权限应与核查数据的权限分开）应在验证之前进行界定，并在测试中核对其是否生效。 检查系统登录控制程序，确保对系统的修订或变更受到限制，要受到变更控制管理。 保证系统管理员权限只授予有权限的人员，不会用于日常操作。 检查认证、修订和取消计算机化系统权限的程序，保证这些活动受到控制。检查用户登录日志和权限水平情况，应该没有未经授权的用户登入系统，登录帐号应该及时更新与现状相符。这些限制也应防止用户修改审核追踪功能。
3	Companies should have a Validation Master Plan in place that includes specific policies and validation requirements for computerised systems and the integrity of such systems and associated data. The extent of validation for computerized systems should be determined based on risk. Further guidance regarding assessing validation requirements for computerised systems may be found in PI 011. Before a system is put into routine use, it should be challenged with defined tests for conformance with the acceptance criteria. It would be normally expected that a prospective validation for computerized systems is conducted; however, for systems already installed, it may be acceptable to perform retrospective validation based on an assessment of all historical records for the existing computerised system. In case of a retrospective qualification, a documented evaluation of system history i.e. error logs, changes made, evaluation of user manuals and SOPs would be expected to have taken place. IT validation should be designed according to GMP Annex 15 with URS, FAT, SAT, IQ, OQ and PQ tests. Qualification testing includes Design Qualification (DQ); Installation qualification (IQ); Operational Qualification (OQ); and Performance Qualification (PQ). In particular, specific tests should be designed in order to challenge those areas where data integrity is at risk. Companies should ensure that computerised systems are qualified for their intended use. Companies should therefore not place sole reliance on vendor qualification packages; validation exercises should include specific tests to ensure data integrity is maintained during operations that reflect normal and intended use. The number of tests should be guided by a risk assessment but the critical functionalities should be at least identified and tested, e.g., certain PLCs and systems based on basic algorithms or logic sets, the functional testing may provide adequate assurance of reliability of the computerised system. For critical and/or more complex systems, detailed verification testing is required during IQ, OQ & PQ stages.	Check that validation documents include specific provisions for data integrity; validation reports should specifically address data integrity principles and demonstrate through design and testing that adequate controls are in place. Unvalidated systems may present a significant vulnerability regarding data integrity as user access and system configuration may allow data amendment. Check that end-user testing includes test scripts designed to demonstrate that software not only meets the requirements of the vendor, but is fit for its intended use.
	公司应有验证主计划，其中包括针对计算机化系统及此类系统和相关数据完整性的专用方针和验证要求。 计算机化系统验证的深度应根据其风险决定。更多关于评估计算机化系统验证要求的指南参见PI 011。 在系统投入日常使用之前，应采用指定的测试来挑战其性能是否符合可接受标准。 一般要求对计算机化系统实施前瞻式验证。但是，对于已经安装的系统，可以接受根据对现在计算机化系统的所有历史记录的评估进行回顾性验证。 如果是采用了回顾性确认，应有书面记录的系统历史，即错误日志、所做的变更、用户手册评估和SOP。 IT验证应根据GMP附录15设计，包括URS、FAT、SAT、IQ、OQ和PQ测试。 确认测试包括设计确认（DQ）、安装确认（IQ）、运行确认（OQ）和性能确认（PQ）。尤其是，应设计特定测试以挑战数据完整性有风险的区域。 公司应确保计算机化系统经根据其既定用途进行确认，因此公司不能仅依赖于供应商的确认包，验证应包括特定测试来保证数据完整性在能反映正常既定使用情形下的运行期间得到维护。 测试的数量应根据风险评估制订，但关键功能应至少要进行识别和测试，例如，特定的PLC和基于基本乍当和逻辑系列的系统，功能性测试可以充分保证计算机化系统的可靠性。对于关键和/或更复杂的系统，在IQ、OQ和PQ阶段则需要详细的核查测试。	检查验证文件，包括数据完整性特定条款，验证报告应特别说明数据完整性原则，通过设计和测试证明具有充分的控制。 未经验证的系统可能会有数据完整性方面的重大缺陷，因为用户权限和系统参数设置可能允许对数据进行修改。 检查最终用户测试，包括设计用以证明软件不仅仅符合供应商标准，也符合其既定用途的测试脚本。
4	Periodic Evaluation Computerised systems should be evaluated periodically in order to confirm they maintain the validated status and are GMP compliant. The evaluation should include deviations, changes, upgrade history, performance and maintenance. The frequency of the re-evaluation should be based on a risk assessment depending on the criticality of the computerised systems. The assessment performed should be documented.	Check that re-validation reviews for computerised systems are outlined within validation schedules. Verify that systems have been subject to periodic review, particularly with respect to any potential vulnerabilities regarding data integrity. Any issues identified, such as limitations of current software/hardware should be addressed in a timely manner and corrective and preventative actions, and interim controls should be available and implemented to manage any identified risks.
	产品评估 计算机化系统应定期评估以确认其维持在经过验证的状态，并且符合GMP要求。评估应包括偏差、变更、更新历史、性能和维护。 再评估的频次应基于计算机化系统的关键程度所做的风险评估确定。所实施的评估应记录。	检查计算机系统的再验证审核是否列在验证计划中。 核查经过定期审核的系统，尤其是数据完整性的可能弱点。 所有识别出的问题，如现行软件/硬件的局限性应及时说明，并制订CAPA和临时控制并实施以管理所有识别出的风险。
Item: 项目	Data transfer between systems 系统间的数据转移
1	Interfaces should be assessed and addressed during validation to ensure the correct and complete transfer of data.	Interfaces between computerised systems present a risk whereby data may be inadvertently lost, amended transcripted incorrectly during the transfer process.
	在验证期间，要对系统间接口进行评估和说明，以确保数据的转移正常完整。	计算机化系统之间的接口如果有风险，则数据可能会在转移过程中不可逆地丢失、不正确地修改转序。
2	Where system software is installed or updated, the user should ensure that archived data can be read by the new software. Where necessary this may require conversion of existing archived data to the new format. Where conversion to the new data format of the new software is not possible, the old software should be maintained installed in one PC and also available as a hard copy (e.g. installation CD) in order to have the opportunity to read the archived data in case of an investigation.	It is important that data is readable in its original form throughout the data lifecycle, and therefore users must maintain both the readability of data and access to superseded software.
	如果系统软件进行了安装和更新，则用户应确保被归档的数据可以用新的软件读取。必要时，可能需要将现有存档数据转换成新格式。	数据以其原始格式在其生命周期中都可读是很重要的，因此用户必须维护数据的可读性和对被替代的软件的登录使用。

9.3 System security for computerised systems 计算机化系统的系统安全

	Expectations 要求	Potential risk of not meeting expectations / items to be checked 不符合要求潜在风险/要检查的项目
Item:	System security 系统安全
1	User access controls, both physical and electronic, shall be configured and enforced to prohibit unauthorised access to, changes to and deletion of data. For example: -    Individual Login IDs and passwords should be set up and assigned for all staff needing to access and utilise the specific electronic system. Shared login credentials do not allow for traceability to the individual who performed the activity. For this reason, shared passwords, even for reasons of financial savings, must be prohibited. -    Input of data and changes to computerised records must be made only by authorized personnel. Companies should maintain a list of authorized individuals and their access privileges for each electronic system in use. -    Administrator access to computer systems used to run applications should be controlled. General users should not have access to critical aspects of the software, e.g. system clocks, file deletion functions, etc. -    System administrators should normally be independent from users performing the task, and have no involvement or interest in the outcome of the data generated or available in the electronic system. For example, QC supervisors and managers should not be assigned as the system administrators for electronic systems in their laboratories (e.g., HPLC, GC, UV-Vis). Typically, individuals outside of the quality and production organisations (e.g., Information Technology administrators) should serve as the system administrators and have enhanced permission levels. -    For smaller organisations, it may be permissable for a nominated person to hold access as the system administrator; however, in these cases the administrator access should not be used for performing routine operations and the user should hold a second and restricted access for performing routine operations. -    Any request for new users, new privileges of users should be forwarded to the IT administrator in a tracebeable way in accordance with a standard procedure.	Check that the company has taken all reasonable steps to ensure that the computerised system in use is secured, and protected from deliberate or inadvertent changes. Systems that are not physically and administratively secured are vulnerable to data integrity issues. Inspectorates should verify that verified procedures exist that manage system security, ensuring that computerised systems are maintained in their validated state and protected from manipulation. It is acknowledged that some computerised systems support only a single user login or limited numbers of user logins. Where no suitable alternative computerised system is available, equivalent control may be provided by third party software, or a paper based method of providing traceability (with version control). The suitability of alternative systems should be justified and documented. Increased data review is likely to be required for hybrid systems.
	用户权限控制，物理的和电子的，均应进行参数设置，禁止未经授权进入修改和删除数据。例如： -    应为所有需要进入和使用该电子系统的员工设置个人登录ID和密码并进行分配。共用登录名无法追溯到实施活动的个人。因此，必须禁止共用密码，即使是财务存款原因也一样。 -    计算机化记录的数据输入和变更必须仅由经过授权的人员操作。公司应为每个在用电子系统维护一份被授权人员的名单，及其操作权限。 -    用于运行软件的计算机系统管理员账号应受控。一般用户不应该具备对软件的关键方面进行操作的权限，例如，系统时钟、文件删除功能等。 -    系统管理员一般应独立于实施任务的用户，不参与该电子系统中所产生或可获得数据的结果，或与之无利益关系。例如，QC主管和经理不应被赋予化验室内电子系统（例如，HPLC、GC、UV-可见光）的系统管理员权限。一般来说，质量部门和生部门以外的人员（例如，IT管理员）应作为系统管理员，具有超级权限。 -    对于较小的公司，可以允许让相关人员具有 系统管理员权限。但是，在这种情形下，管理员的权限不应该用于实施日常操作，用户应该有另一个权限受限的登录方式来实施日期操作。 -    如需增加新用户、为已有用户增加新权限，应根据标准规程以可追溯方式提交申请至IT管理员。	检查公司是否采取合理措施来保证在用计算机化系统受到安全保护，可以防止有意或无意改变。 无法进行物理和行政安全保护的系统有数据完整性弱点。检查组应核对是否有经过核查的程序来管理系统安全，保证计算机化系统维持在其经过验证的状态，保护不受篡改。 我们知道有些计算机化系统仅支持单用户登录，或者是有限数量用户登录。如果没有适当的替代用计算机化系统，则应由第三方软件提供等同的控制，或者是采用纸质方式来提供可追溯性（带版本控制）。 替代系统的适用性应进行论证并记录。混合系统可能会要求更多的数据审核。
2	Computerised systems must be protected from accidental changes or deliberate manipulation. Companies should assess systems and their design to prevent unauthorised changes to validated settings that may ultimately affect data integrity. Consideration should be given to: -    The physical security of computerised system hardware: l   Location of and access to servers; l   Restricting access to PLC nodules, e.g. by locking access panels. -    Vulnerability of networked systems from local and external attack; -    Remote network updates, e.g. automated updating of networked systems by the vendor.
	计算机化系统必须保护不会被有意或无意篡改。公司应对系统及其设计进行评估，防止未经授权地修改经过验证的可能会最终影响数据完整性的设置。应考虑以下： -    计算机化系统硬件的物理安全； l   服务器的位置和进入方式； l   限制进入PLC节点，例如，通过锁定登录面板。 -    有网络连接的系统会受到当地和外来攻击； -    远程网络更新，例如，由供应商通过网络连接系统进行自动更新。
3	Electronic signatures used in the place of handwritten signatures must have appropriate controls to ensure their authenticity and traceability to the specific person who electronically signed the record(s). The use of advanced forms of electronic signatures is becoming more common, e.g., the use of biometrics is becoming more prevalent by firms. The use of advanced forms of electronic signatures should be encouraged.	Check that electronic signatures are appropriately validated, their issue to staff is controlled and that at all times, electronic signatures are readily attributable to an individual. Any changes to data after an electronic signature has been assigned should invalidate the signature until the data has been reviewed again and re-signed.
	手书签名的地方如使用电子签名则必须有适当的控制，确保其真实性和可追溯至对记录进行电子签名的特定个人。 使用先进的电子签名形式已经越来越普遍，例如，公司使用生物特征识别越来越流行。应鼓励使用先进的电子签名。	检查电子签名是否经过适当验证，分发给员工的过程是否受控，电子签名在所有时间都易于追溯到个人。 数据进行电子签名之后，对其进行的所有变更会让签名失效，直到数据经过重新审核重新签名。

9.4 Audit trails for computerised systems 计算机化系统的审核追踪

	Expectations 要求	Potential risk of not meeting expectations / items to be checked 不符合要求潜在风险/要检查的项目
Item:	Audit Trails 审计追踪
1	Companies should endeavor to purchase and upgrade software that includes electronic audit trail functionality. Where available, audit trail functionalities for electronic-based systems should be configured properly to capture general system events as well as any activities relating to the acquisition, deletion, overwriting of and changes to data for audit purposes. It is acknowledged that some simple systems lack appropriate audit trails; however, alternative arrangements to verify the veracity of data must be implemented, e.g. administrative procedures, secondary checks and controls. Audit trails should be verified during validation of the system. Audit trail functionalities must be enabled and locked at all times. For example, an individual involved in the input of and changes to HPLC data must not have access to enable and disable the audit trail as they desire. Companies should implement procedures that outline their policy and processes for the review of audit trails in accordance with risk management principles. Audit trails related to the production of each batch should be independently reviewed with all other records related to the batch and prior to the batch’s release, so as to ensure that critical data and changes to it are acceptable. This review should be performed by the originating department, and where necessary verified by the quality unit, e.g. during self-inspection or investigative activities.	Validation documentation should demonstrate that audit trails are functional, and that all activities, changes and other transactions within the systems are recorded, together with all metadata. Verify that audit trails are regularly reviewed (in accordance with quality risk management principles) and that discrepancies are investigated. If no electronic audit trail system exists a paper based record to demonstrate changes to data may be acceptable until a fully audit trailed (integrated system or independent audit software using a validated interface) system becomes available. These hybrid systems are permitted, where they achieve equivalence to integrated audit trail, such as described in Annex 11 of the PIC/S GMP Guide. Failure to adequately review audit trails may allow manipulated or erroneous data to be inadvertently accepted by the Quality Unit and/or Authorised Person.
	公司应尽力购买和更新软件，使其包括电子审订追踪功能。 如果可以，应对基于电子的系统的审核追踪功能进行适当参数设置，使其能捕获常规系统事件，以及所有与数据获取、删除、覆盖和修改相关的活动供审计用。 我们知道一些简单的系统缺乏适当的审计追踪，这时必须实施替代的方案来核查数据的真实性，例如，行政程序、辅助检查和控制。 审核追踪在系统的验证期间要进行核查。 审核追踪功能必须全程激活并锁定。例如，一位参与HPLC数据的输入和修改的员工不可以具备权限按其意愿来激活和关闭审计追踪。 公司应实施程序列出其对审计追踪的审核方针和流程，应该符合风险管理原则。与每批生产相关的审核追踪应在批放行之前与其它批相关记录一起进行独立审核，这样才能保证关键数据和对这些数据的修改是可以接受的。此审核应由原始操作部门实施，必要时由质量部门核查，例如，在自检期间或调查活动期间。	验证文件应证明审订追踪起到作用，所有活动、修改和系统内其它交易与所有元数据一起被记录。 核查审核追踪是否有定期审核（根据质量风险管理原则），不符合处是否有进行调查。 如果没有电子审计追踪系统，在可以获得全面审计追踪系统（集成系统或使用经过验证的接口的独立审计软件）之前使用纸质记录来证明对数据的修改是可以接受的。如果达到与集成审计追踪同样的功能，这种混合系统是允许的，例如PIC/S GMP指南附录11中所述的类型。 未能对审计追踪进行充分审核可能会导致篡改数据或错误数据被质量部门和/或授权人疏忽之下接受。
2	The company’s quality unit should establish a program and schedule to conduct ongoing reviews of audit trails based upon their criticality and the system’s complexity. Procedures should be in place to address and investigate any audit trail discrepancies, including escalation processes for the notification of senior management and national authorities where necessary.	Verify that self-inspection programs incorporate both random and targeted checks of audit trails, with the intent to verify the effectiveness of existing controls and compliance with internal procedures regarding the review of data.
	公司的质量部门应建立一个计划和时间表，根据其关键程度和系统复杂性对审计追踪实施持续审核。 应有程序处理和调查所有审计追踪不符合情况，包括通知高级管理层和国家药监（必要时）的升级处理流程。	核查自检计划是否包括随机和有目标的检查审计追踪，目的是验证现有控制的有效性，以及内部数据审核程序的符合性。

9.5 Data capture/entry for computerised systems 计算机化系统的数据捕获/输入

	Expectations 要求	Potential risk of not meeting expectations / items to be checked 不符合要求潜在风险/要检查的项目
Item:	Data capture/entry 数据捕获/输入
1	Systems should be designed for the correct capture of data whether acquired through manual or automated means. For manual entry: -    The entry of data should only be made by authorised individuals and the system should record details of the entry, the individual making the entry and when the entry was made. -    Data should be entered in a specified format that is controlled by the software, validation activities should verify that invalid data formats are not accepted by the system. -    All manual data entries should be verified, either by a second operator, or by a validated computerised means. -    Changes to entries should be captured in the audit trail and reviewed by an appropriately authorised and independent person. For automated data capture: -    The interface between the originating system, data acquisition and recording systems should be validated to ensure the accuracy of data. -    Data captured by the system should be saved into memory in a format that is not vulnerable to manipulation, loss or change. -    The system software should incorporate validated checks to ensure the completeness of data acquired, as well as any metadata associated with the data.	Ensure that manual entries made into computerised systems are subject to an appropriate secondary check. Validation records should be reviewed for systems using automated data capture to ensure that data verification and integrity measures are implemented and effective.
	不管是通过手动还是自动方式获得数据，系统设计应能正确捕获数据， 对于人工输入： -    数据应仅由经过授权的人员输入，系统应记录输入的细节，人员在输入时系统即行记录。 -    数据输入应有指定格式，格式受到软件控制。验证活动应核查是否无效数据格式不会被系统接受。 -    所有人工数据输入均应进行核对，可以是由第二个操作人员核对，也可以是由经过验证的计算机化方式。 -    对输入的修改应被审计追踪捕捉，并由适当授权的独立人员进行审核。 对于自动化数据捕获： -    产生数据的系统、数据获取和记录的系统之间的界面应经过验证，确保数据的准确性。 -    由系统捕获的数据应存贮在记忆存储内，其格式应不易伪造、丢失或修改。 -    系统软件应包括经过验证的检查，以确保所获得的数据，以及与数据相关的所有元数据的完整性。	确保人工输入计算机化系统数据会经过第二次核对。 应审核验证记录，看使用自动化数据捕获的系统是否能保证实施数据核对和完整性措施，并有效。
2	Any necessary changes to data must be authorised and controlled in accordance with approved procedures. For example, manual integrations and reprocessing of laboratory results must be performed in an approved and controlled manner. The firm’s quality unit must establish measures that ensure that changes to data are performed only when necessary and by designated individuals. Any and all changes and modifications to original data must be fully documented and should be reviewed and approved by at least one appropriately trained and qualified individual.	Verify that appropriate procedures exist to control any amendments or re-processing of data. Evidence should demonstrate an appropriate process of formal approval for the proposed change, controlled/restricted/defined changes and formal review of the changes made.
	对数据所做的必要的修改必须根据批准的程序进行授权和控制。 例如，手动积分和处理化验室结果必须以批准和受控的方式进行。公司的质量部门必须建立措施，确保对数据的修改只在必要时并且由指定的人员实施。 所有和任何对原始数据人修改必须全部记录，并至少由一个经过适当培训具备资质的人员进行审核和批准。	核查是否有适当的程序对数据修改和再处理进行控制。现有证据应能证明对于提议的变更、受控/受限/界定的变更有正式的批准流程，并且对所做的变更有正式的审核。

9.6 Review of data within computerised systems 计算机化系统中数据的审核

	Expectations 要求	Potential risk of not meeting expectations / items to be checked 不符合要求潜在风险/要检查的项目
Item:	Review of electronic data 电子数据审核
1	The regulated user should perform a risk assessment in order to identify all the GMP/GDP relevant electronic data generated by the computerised systems. Once identified, this critical data should be audited by the regulated user and verified to determine that operations were performed correctly and whether any change (modification, deletion or overwriting) have been made to original information in electronic records. All changes must be duly authorised. The review of data-related audit trails should be part of the routine data review within the approval process. Audit trails records should be in an intelligible form and have at least the following information: -    Name of the person who made the change to the data; -    Description of the change; -    Time and date of the change; -    Justification for the change; -    Name of any person authorizing the change. The frequency, roles and responsibilities of audit trails review should be based on a risk assessment according to the GMP/GDP relevant value of the data recorded in the computerised system. For example, for changes of electronic data that can have a direct impact on the quality of the medicinal products, it would be expected to review at each and every time the data is generated. The regulated user should establish a SOP that describes in detail how to review audit trails. The procedure should determine in detail the process that the person in charge for the audit trail review should follow. The audit trail activity should be documented and recorded. The records should be maintained together with the other GMP/GDP relevant documents. Any significant variation from the expected outcome found during the audit trail review should be fully investigated and recorded. A procedure should describe the actions to be taken if a review of audit trails identifies serious issues that can impact the quality of the medicinal products. The company’s Quality Unit (QU) should also review a sample of the audit trails records during the routine selfinspection.	Check local procedures to ensure that electronica data is reviewed based on its criticality (impact to product quality and/or decision making). Evidence of each review should be recorded and available to the inspector. Where data summaries are used for internal or external reporting, evidence should be available to demonstrate that such summaries have been verified in accordance with raw data.
	受法规约束的用户应实施风险评估，以识别所有由计算机化系统产生的GMP/GDP相关的电子数据。 一旦识别，此关键数据应由受法规约束的用户进行审订并核查，以确定操作能正确实施，确定在电子记录里的原始信息是否经过任何修改（修订、删除或改写）。所有变更都应经过适当授权。 对数据相关的审计追踪进行的审核应该是批准流程中日常数据审核的一部分。 审订追踪记录应该采用明白易懂的格式，至少含有以下信息： -    修改数据的人员姓名； -    修改描述； -    修改时间和日期； -    修改论证； -    授权修改的人员姓名。 审计追踪审核的频次、人员和职责应根据计算机化系统里所记录的数据的GMP/GDP相关值，基于风险评估确定。 例如，对药品质量有直接影响的电子数据的修订应该在每次和每个数据生产的时候进行审核。 受法规约束的用户应建立一个SOP，详细描述如何审核审计追踪。程序应详细确定审计追踪审核负责人员应该遵守的流程。审计依依惜别动应文件化并记录。 记录应与其它GMP/GDP相关文件一起维护。 所有在审计追踪审核中发现严重偏离预期结果的变化均应进行全面调查和记录。应有一个程序描述当审订追踪审核发现可能对药品质量有影响的严重问题时要采取的措施。 公司的质量部门（QU）也应在日常自检中抽样审核审计追踪记录。	检查现场程序是否能确保电子数据根据其关键程度（对产品质量和/或决策的影响）受到审核。每次审核的证据应记录，并可以提供给检查。 如果数据摘要用于内部或外部报告，应有证据用以证明此类摘要根据原始数据进行了核查。

9.7 Storage, archival and disposal of electronica data 电子数据的存贮、归档和销毁

	Expectations 要求	Potential risk of not meeting expectations / items to be checked 不符合要求潜在风险/要检查的项目
Item:	Storage, archival and disposal of electronica data 电子数据的存贮、归档和销售
1	Storage of data must include the entire original data and metadata, including audit trails, using a secure and validated process. If the data is backed up, or copies of it are made, then the backup and copies must also have the same appropriate levels of controls so as to prohibit unauthorised access to, changes to and deletion of data or their alteration. For example, a firm that backs up data onto portable hard drives must prohibit the ability to delete data from the hard drive. Some additional considerations for the storage and backup of data include: l   True copies of dynamic electronic records can be made, with the expectation that the entire content (i.e., all data and metadata is included) and meaning of the original records are preserved. l   Suitable software and hardware needs to be readily available for accessing data backups or copies. l   Routine backup copies should be stored in a remote location (physically separated) in the event of disasters. l   - Back-up data should be readable for all the period of the defined regulatory retention period, even if a new version of the software has been updated or substituted for one with better performance.	Check that data storage, back up and archival systems are designed to capture all data and metadata. There should be documented evidence that these systems have been validated and verified.
	数据的存贮必须包括整个原始数据和元数据，包括审计追踪。应使用经过验证的安全程序。 如果数据经过了备份，或者复制，则备份和副本也应该受到相同水平的控制，这样防止未经授权进入、修改和删除数据，或对数据进行替换。例如，一个公司将数据备份发到移动硬盘上，则必须禁用该硬盘的数据删除功能。数据存贮和备份中一些额外的考虑包括： l   可以制作动态电子记录的真实副本，要求保存全部的内容（即包括所有数据和元数据）和原始记录的含义。 l   读取数据备份和副本所需的适当的软件和硬件应易于获取。 l   日常备份副本应存贮在一个较远的位置（物理隔离）以防灾难。 l   备份数据应在界定的法规保存期限内可以读取，即使软件更新为新版本，或者被具有更好性能的其它软件所取代。	检查数据存贮、备份和归档系统的设计是否可以白葡萄所有数据和元数据。应有书面证据证明这些系统经过验证和核查。
2	The record retention procedures must include provisions for retaining the metadata. This allows for future queries or investigations to reconstruct the activities that occurred related to a batch.
	记录保存程序必须包括元数据保留条款。这样使得将来查询或调查时能够重新构建所发生与批次相关的活动。
3	Data should be archived periodically in accordance with written procedures. Archive copies should be physically secured in a separate and remote location from where back up data are stored. The data should be accessible and readable and its integrity maintained for all the period of archiving. There should be in place a procedure for restoring archived data in case an investigation is needed. The procedure in place for restoring archived data should be regularly tested. If a facility is needed for the archiving process then specific environmental controls and only authorised personnel access should be implemented in order to ensure the protection of records from deliberate or inadvertent alteration or loss. When a system in the facility has to be retired because problems with long term access to data are envisaged, procedures should assure the continued readability of the data archived. For example, it could be established to transfer the data to another system.	There is a risk with archived data that access and readability of the data may be lost due to software application updates or superseded equipment. Verify that the company has access to archived data, and that they maintain access to the necessary software to enable review of the archived data. Where external or third party facilities are utilised for the archiving of data, these service providers should be subject to assessment, and all responsibilities recorded in a quality technical agreement. Check agreements and assessment records to verify that due consideration has been given to ensuring the integrity of archived records.
	数据应根据书面程序进行定期归档。归档的副本应有物理安全保护措施，放在一个独立的较远的位置，远离备份数据存贮的位置。 数据应在整个归档周期内可以获取并读出，并保持其完整性。 应该有一个程序说明如果需要进行调查应如何恢复归档的数据。恢复归档数据的程序应定期进行测试。 如果归档程序需要一个场所，则应实施特定的环境控制，只有经过授权的人员才可以进入，以确保保护记录不会被有意和无意的篡改或丢失。如果场所内的系统由于长期调用数据而必须退役，则程序应确保所归档数据的持续可读性。例如，转移数据至另一系统。	由于应用软件的更新或设备替换，已归档数据的可读性和使用可能会有丢失的风险。核查公司是否能够进入已归档的数据，公司是否维持可以进入所需软件来对已归档数据进行审核。 如果需要使用外部或第三方设施来归档数据，应对这些服务提供商进行评估，在质量技术协议中记录所有职责。检查协议和评估记录，核查在确保归档记录的完整性中是否尽职。
4	It should be possible to print out a legible and meaningful record of all the data generated by a computerised system (including metadata). If a change is performed to records, it should be possible to also print out the change of the record, indicating when and how the original data was changed.	Check validation documentation for systems to ensure that systems have been validated for the generation of legible and complete records. Samples of print-outs may be verified.
	应该可以打印出计算机化系统产生的所有数据（包括元数据）的清晰有含义的记录。 如果对记录进行了修订，应该也可以打印出对记录的修订内容，显示出何时如何对原始数据进行了修订。	检查系统的验证文件，确保系统经过验证，可以产生出清晰完整的记录。 可以核查打印件的样本。
5	Procedures should be in place that describe the process for the disposal of electronically stored data. These procedures should provide guidance for the assessment of data and allocation of retention periods, and describe the manner in which data that is no longer required is disposed of.	Check that the procedures clearly stipulate the conditions for the disposal of data, and that care is taken to avoid the inadvertent disposal of required data during its lifecycle.
	应该的程序描述电子存贮数据的销毁流程。这些流程应提供数据评估指南，指定保存期限，描述不再需要的数据如何销售。	检查程序是否清楚规定数据销毁的条件，是否小心处理避免无意看销毁了尚在生命周期的数据。

---

[1] PIC/S PE 009 Guide to Good Manufacting Practice for Medicinal Products, specifically Part I chapters 4, Part II chapters 5, & Annex 11

PIC/S PE 009 药品GMP指南，具体为第一部分第4章，第二部分第5章和附录11.

[2] PIC/S PE 011 GDP Guide to Good Distribution Practice for Medicinal Products, specifically section 3.5 XXX

PIC/S PE 011 药品优良运输GDP指南，具体参见第3.5部分。

10 DATA INTEGRITY CONSIDERATIONS FOR OUTSOURCED ACTIVITIES 外包活动中数据完整性考虑
10.1 General supply chain considerations 一般供应链考虑

10.1.1 Data integrity plays a key part in ensuring the security and integrity of supply chains. Data governance measures by a contract giver may be significantly weakened by unreliable or falsified data or materials provided by supply chain partners. This principle applies to all outsourced activities, including suppliers of raw materials or contract manufacture / analytical services.

数据完整性在保证供应链的安全和完整性中扮演着重要的角色。合同发包方的数据管理措施可能会被供应链伙伴所提供的不可靠或伪造数据或材料大大削弱。此原则适用于所有外包活动，包括原料供应商，合同生产商/分析服务提供商。

10.1.2 Initial and periodic re-qualification of supply chain partners and outsourced activities should include consideration of data integrity risks and appropriate control measures.

对供应链伙伴和外包活动的初始和定期再确认应包括对数据完整性风险和适当的控制措施的考虑。

10.1.3 It is important for an organisation to understand the data integrity limitations of information obtained from the supply chain (e.g. summary records and copies /printouts), and the challenges of remote supervision. These limitations are similar to those discused in section 8.11 of this guidance This will help to focus resources towards data integrity verification and supervision using a qualiity risk management approach.

很重要的一点是公司应了解从供应链所获得的数据（例如，摘要记录和副本/打印件）完整性局限性，以及远程监督的挑战。这些局限性与本指南第8.11中所讨论的内容相类似。这会有助于采用质量风险管理方法，集中资源用于数据完整性核查和监管。

10.2 Routine document verification 日常文件核查

The supply chain relies upon the use of documentation and data passed from one organisation to another. It is often not practical for the contract giver to review all raw data relating to reported results. Emphasis should be placed upon robust supplier and contractor qualification, using the principles of quality risk management.

供应链依赖于从一个公司传送到另一个公司的文件记录和数据的使用。通常合同发包方去审核所有与报告结果相关的原始数据并不现实。应使用质量风险管理原则，重点关注供应商的稳健程度和合同方确认。

10.3 Strategies for assessing data integrity in the supply chain 供应链中数据完整性评估策略

10.3.1 Companies should conduct regular risk reviews of supply chains and outsourced activity that evaluate the extent of data integrity controls required. Information considered during risk reviews may include:

公司应对供应链和外包活动实施定期风险评审，评估所需数据完整性控制的程度。在风险评审中要考虑的信息可以包括：

l  The outcome of site audits, with focus on data governance measures

l  对审核的结果，关注数据管理措施

l  Review of data submitted in routine reports, for example:

l  审核日常报告中所提交的数据，例如：

Area for review	Rationale
审核领域	合理性
Comparison of analytical data reported by the contractor or supplier vs in-house data from analysis of the same material	To look for discrepant data which may be an indicator of falsification
将合同方或供应商所报告的分析数据与公司内对相同物料进行分析的数据进行比较	寻找有差异的数据，这可能是做假的征兆

10.3.2 Quality agreements should be in place in place between manufacturers and suppliers/contract manufacturing organisations (CMOs) with specific provisions for ensuring data integrity across the supply chain. This may be achieved by setting out expectations for data governance, and transparent error/deviation reporting by the contract acceptor to the contract giver. There should also be a requirement to notify the contract giver of any data integrity failures identified at the contract acceptor site.

生产商和供应商/合同生产组织（CMO）之间应签署质量协议，协议应有特定条款确保供应链中的数据完整性。这可以通过设定数据管理要求，要求合同接受方向合同发包方提交透明的错误/偏差报告来实现。还应该要求合同接受方通知合同发包方在其场所内识别出的所有数据完整性失败情况。

10.3.3 Audits of suppliers and manufacturers of APIs, critical intermediate suppliers and service providers conducted by the manufacturer (or by a third party on their behalf) should include a verification of data integrity measures at the contract organisation.

生产商（或委派第三方）对原料药供应商和生产商、关键中间体供应商和服务提供商实施的审计应包括对合同组织内数据完整性措施的核查。

10.3.4 Audits and routine surveillance should include adequate verification of the source electronic data and metadata by the Quality Unit of the contract giver using a quality risk management approach. This may be achieved by measures such as:

审计和日常监管应包括合同发包方质量部门采用质量风险管理方法对源电子数据和元数据的充分核查。可以通过如下一些方法达成目标：

Site audit	Review the contract acceptors organisational behaviour, and understanding of data governance, data lifecycle, risk and criticality.
现场审核	审核合同接受方的组织行为，了解数据管理、数据生命周期、风险和关键程度。
Material testing vs CoA	Compare the results of analytical testing vs suppliers reported CoA. Examine discrepancies in accuracy, precision or purity results. This may be performed on a routine basis, periodically, or unannounced, depending on material and supplier risks.
物料测试VS检验报告书	将分析测试的结果与供应商提交的COA进行比较。检查准确度、精确度或纯度结果之间的差异。这可以日常、定期或以飞行检查的方式实施，具体取决于物料和供应商的风险。
Remote data review	The contract giver may consider offering the Contracted Facility/Supplier use of their own hardware and software system (deployed over a Wide Area Network) to use in batch manufacture and testing. The contract giver may monitor the quality and integrity of the data generated by the Contracted Facility personnel in real time. In this situation, there should be segregation of duties to ensure that contract giver monitoring of data does not give provision for amendment of data generated by the contract acceptor.
远程数据审核	合同发包方可以考虑向合同工厂/供应商提供使用其自己的硬件和软件体系（通过宽域网实现），在批生产和批检验中使用。合同发包方可以实时监测合同工厂人员所产生的数据的质量和定速性。在此情形下，应该有明确的职责划分，确保合同发包商对数据的监测不会修改合同接受方产所生的数据。
Quality monitoring	Quality and performance monitoring may indicate incentive for data falsification (e.g. raw materials which marginally comply with specification on a frequent basis.
质量监测	质量和表现监测可以显示出数据做假的诱因（例如，原料刚刚符合质量标准的情况频繁发生）。

10.3.5 Contract givers may work with the contract acceptor to ensure that all client confidential information is encoded to de-identify clients. This would facilitate review of source electronic data and metadata at the contract giver’s site, without breaking confidentiality obligations to other clients. By reviewing a larger data set, this enables a more robust assessment of the contract givers data governance measures. It also permits a search for indicators of data integrity failure, such as repeated data sets or data which does not demonstrate the expected variability.

合同发包商可能与合同接受方合作来确保对所有客户机密信息进行加密，使得无法识别用户身份。这样能方便对合同发包方场所的源电子数据和元数据进行初核，而不会破坏对其它客户的保密义务。通过对更大的数据系列进行审核，能对合同发包方的数据管理措施进行更为稳定的评估。它还能搜索数据完整性失败指征，如重复的数据系列或不符合预期变化的数据。

10.3.6 Care should be taken to ensure the authenticity and accuracy of supplied documentation, (refer section 8.11). The difference in data integrity and traceability risks between ‘true copy’ and ‘summary report’ data should be considered when making contractor and supply chain qualification decisions.

应注意确保所提供文件记录的真实性和准确性，（参见第8.11部分）。在做出合同方和供应链确认决策时，应考虑“真实备份”和“总结报告”数据之间的数据完整性和可追溯性风险差异。

11 REGULATORY ACTIONS IN RESPONSE TO DATA INTEGRITY FINDINGS 数据完整性缺陷所引发的官方行动
11.1 Deficiency references 缺陷依据

11.1.1 The integrity of data is fundamental to good manufacturing practice and the requirements for good data management are embedded in the current PIC/S Guides to GMP/GDP for Medicinal products. The following table provides a reference point highlighting some of these existing requirements.

数据完整性对GMP是基本要求，优良数据管理的要求是嵌入现行的PIC/S药品GMP/GDP指南。以下表格提供了参考点，特别是一些已有要求。

ALCOA principle	PIC/S Guide to Good Manufacturing Practice for Medicinal products, PE009 (Part I):	PIC/S Guide to Good Manufacturing Practice for Medicinal products, PE009 (Part II):	Annex 11 (Computerised Systems)	PIC/S Guide to Good Distribution Practice for Medicinal products, PE011:
ALCOA原则	PIC/S药品GMP指南，PE009（第一部分）	PIC/S药品GMP指南，PE009（第二部分）	附录11（计算机化系统）	PIC/S药品GDP指南，PE011
Attributable 可追溯性	[4.20, c & f], [4.21, c & i], [4.29, e]	[6.14], [6.18], [6.52]	[2], [12.4], [15]	[4.2.4], [4.2.5]
Legible 清晰	[4.1], [4.2], [4.7], [4.8], [4.9], [4.10]	[5.43] [6.11], [6.14], [6.15], [6.50]	[7.1], [9], [10], [17]	[4.2.3], [4.2.9]
Contemporaneous 同步	[4.8]	[6.14]	[12.4], [14]	[4.1], [4.2.9]
Original 原始	[4.9], [4.27], [Paragraph "Record"]	[6.14], [6.15], [6.16]	[8.2], [9]	[4.2.5]
Accurate 准确	[4.1], [6.17]	[5.40], [5.45], [6.6]	[Paragraph "Principles"] [5], [6], [10], [11]	[4.2.3]

11.2 Classification of deficiencies 缺陷分类

Note: The following guidance is intended to aid consistency in reporting and classification of data integrity deficiencies, and is not intended to affect the inspecting authority’s ability to act according to national legal frameworks.

注：以下指南意在帮助数据完整性缺陷采用一致的方式进行报告和分级，无意影响检查当局根据国家法律框架采取行动的能力。

11.2.1 Deficiencies relating to data integrity failure may have varying impact to product quality. Prevalence of the failure may also vary between the action of a single employee to an endemic failure throughout the inspected organisation.

与数据完整性失败相关的缺陷可能会根据其对药品质量的影响不同而不同。失败的普遍程度可能也有很大差异，从单个员工的动作到在整个受检公司内的常见失败。

11.2.2 The draft PIC/S guidance[1] on classification of deficiencies states:

PIC/S缺陷分级指南草案声明：

“A critical deficiency is a practice or process that has produced, or leads to a significant risk of producing either a product which is harmful to the human or veterinary patient or a product which could result in a harmful residue in a food producing animal. A critical deficiency also occurs when it is observed that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data”.

“关键缺陷是已产生，或将导致对药品对人兽患者产生伤害，或可能导致食用动物中有害残留的重大风险。当发现生产商进行欺骗、歪曲或假造药品或数据时，也构成关键缺陷。”

11.2.3 Notwithstanding the “critical” classification of deficiencies relating to fraud, misrepresentation or falsification, it is understood that data integrity deficiencies can also relate to:

尽管缺陷的“关键”分级与欺骗、歪曲或造假相关，但要了解数据完整性缺陷也可能是关于：

-    Data integrity failure resulting from bad practice,

-    由于不良做法导致的数据完整性失败；

-    Opportunity for failure (without evidence of actual failure) due to absence of the required data control measures.

-    由于缺乏所需的数据控制措施而导致的失败机会（没有实际失败证据）。

11.2.4 In these cases, it may be appropriate to assign classification of deficiencies by taking into account the following (indicative list only):

在这种情形下，考虑到以下原因，可能将缺陷进行如下归类（只是指示性清单）：

Impact to product with risk to patient health: Critical deficiency:

对产品的影响导致对患者健康有风险：关键缺陷

-    Product failing to meet specification at release or within shelf life.

-    产品不符合放行质量标准或货架期内质量标准。

-    Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of QC tests, critical product or process parameters.

-    在报告QC检测、关键产品或工艺参数时，报告“所需”结果，而不是实际超标结果。

Impact to product with no risk to patient health: Major deficiency:

对产品的影响没有患者健康风险：主要缺陷

-    Data being miss-reported, e.g. original results ‘in specification’, but altered to give a more favourable trend.

-    数据漏报，例如原始结果“符合质量标准”，但进行修改给出更好的趋势。

-    Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process parameters.

-    在报告非QC检测、关键产品或工艺参数数据时，报告“所需”结果，而不是报告实际的OOS结果

-    Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info for later transcription).

-    设计不良的数据捕获系统产生的失败（例如，使用废弃的纸记录信息，事后再转抄）。

No impact to product; evidence of widespread failure: Major deficiency:

对产品没有影响；有发现广泛的失败证据：主要缺陷

-    Bad practices and poorly designed systems which may result in opportunities for data integrity issues or loss of traceability across a number of functional areas (QA, production, QC etc). Each in its own right has no direct impact to product quality.

-    可能会导致数据完整性问题或大量功能性领域（QA、生产、QC等）可追溯性缺失机会的不良做法和设计不良的系统。

No impact to product; limited evidence of failure: Other deficiency:

对产品没有影响；失败证据有限：其它缺陷

-    Bad practice or poorly designed system which result in opportunities for data integrity issues or loss of traceability in a discrete area.

-    不良做法或设计不良的系统，会导致数据完整性问题或零散领域内可追溯性缺失的机会。

-    Limited failure in an otherwise acceptable system.

-    其它可接受系统里有限的失败。

11.2.5 It is important to build an overall picture of the adequacy of the key elements (data governance process, design of systems to facilitate compliant data recording, use and verification of audit trails and IT user access etc.) to make a robust assessment as to whether there is a company-wide failure, or a deficiency of limited scope/ impact.

很重要的一点是要建立关键要素（数据管理流程、系统设计促进符合性数据记录、使用和核对审核追踪和IT用户权限等）充分性的整体画面，以做出稳健的评估，确定是否在公司范围内都存在失败，还是在有限的范围/影响的缺陷。

11.2.6 Individual circumstances (exacerbating / mitigating factors) may also affect final classification or regulatory action. Further guidance on the classification of deficiencies and intra-authority reporting of compliance issues will be available in the PIC/S guidance on the classification of deficiencies, once it has been published.

个别环境（加剧/缓解因素）可能也会影响分级和法规行动。关于缺陷分级和药监局内报告符合性问题的更多指南将能够在PIC/S缺陷分级指南（发布之后）中可以找到。

12 REMEDIATION OF DATA INTEGRITY FAILURES 数据完整性失败的弥补措施
12.1 Responding to Significant Data Integrity issues 对重大数据完整性问题的响应

12.1.1 Consideration should be primarily given to resolving the immediate issues identified and assessing the risks associated with the data integrity issues. The response by the company in question should outline the actions taken. Responses should include:

首先应考虑解决所识别的紧急问题，评估与数据完整性相关的风险。公司的回复应列出所采取的行动。回复应包括：

12.1.1.1 A comprehensive investigation into the extent of the inaccuracies in data records and reporting, to include:

对数据记录和报告不准确的深度的全面调查，其中包括：

-    A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment; and a justification for any part of the operation that the regulated user proposes to exclude;

-    详细的调查方案和方法学；所有化验室、生产操作和评估所包括的系统的总结；受法规约束的用户要排除的所有操作；

-    Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. These interviews may be conducted by a qualified third party;

-    与现有和离职员工面谈，识别出数据不准确的情况、范围和根本原因。这些面谈可能由有资质的第三方实施；

-    An assessment of the extent of data integrity deficiencies at the facility. Identify omissions, alterations, deletions, record destruction, noncontemporaneous record completion, and other deficiencies;

-    对设施内数据完整性程度的评估。识别忽略、篡改、删除、记录销毁、不同步记录完整性和其它缺陷；

-    determination of the scope and extent and timeframe for the incident, with justification for the time-boundaries applied;

-    确定违规事件的范围和程度及时间段，以及对时间段认定的论证；

-    data, products, processes and specific batches implicated in any investigations;

-    在所有调查中涉及的数据、产品、工艺和特定批次；

-    A description of all parts of the operations in which data integrity lapses occur, additional consideration should be given to global corrective actions for multinational companies or those that operate across multiple differing sites;

-    描述所有发生数据完整性问题的操作部分，跨国公司和在多个不同地域运营的公司还要考虑全球性纠正措施；

-    A comprehensive retrospective evaluation of the nature of the testing and manufacturing data integrity deficiencies, and the potential root cause(s). The services of a qualified third-party consultant with specific expertise in the areas where potential breaches were identified may be necessary;

-    对检验和生产数据完整性缺陷的情况进行全面回顾评估，并找出可能的根本原因；如果识别出潜在的问题，可能需要使用擅长此领域的有资质的第三方顾问提供服务；

-    A risk assessment of the potential effects of the observed failures on the quality of the drugs involved. The assessment should include analyses of the risks to patients caused by the release of drugs affected by a lapse of data integrity, risks posed by ongoing operations, and any impact on the veracity of data submitted to regulatory agencies, including data relatedto product registration dossiers;

-    对所发现的失败对所涉及的药品质量的潜在影响进行风险评估。评估应包括放行受数据完整性问题影响的药品所引起的对患者的风险的分析，持续运营所具有的风险，以及对于提交给法规机构的数据的真实性的影响，包括与药品注册文件相关的数据。

12.1.1.2 Corrective and preventative actions taken to address the data integrity vulnerabilities and timeframe for implementation, and including:

所采取的解决数据完整性弱点的CAPA和实施的时间表，还要包括：

-        Interim measures describing the actions to protect patients and to ensure the quality of the medicinal products, such as notifying customers, recalling product, conducting additional testing, adding lots to the stability program to assure stability, drug application actions, and enhanced complaint monitoring.

-        临时措施，说明保护患者的措施以及确保药品质量的措施，例如，通知客户、召回药品、实施附加测试、增加稳定性试验计划的批次以保证稳定性、药品申报措施和加强投诉监管。

-        Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems, management oversight, and human resources (e.g., training, staffing improvements) designed to ensure the data integrity.

-        长期措施，说明为确保数据完整性，所设计的对程序、工艺、方法、控制、系统、管理、监管和人力资源（例如，培训、员工提升）采取的所有弥补努力和加强措施，

12.1.2 Whenever possible, inspectorates should meet with senior representatives from the implicated companies to convey the nature of the deficiencies identified and seek written confirmation that the company commits to full disclosure of issues and their prompt resolution. A management strategy should be submitted to the regulatory authority that includes the details of the global corrective action and preventive action plan. The strategy should include:

检查组应尽可能会见牵涉其中的公司的高级管理代表，传达所发现的缺陷的情况，寻求公司出具书面承诺，保证全面公开问题并及时解决问题。应向法规当局提交管理策略，在其中包括全球CAPA计划的详细内容。策略应包括：

-        A detailed corrective action plan that describes how the regulated user intends to ensure the reliability and completeness of all of the data generated, including analytical data, manufacturing records, and all data submitted to the Competent Authority.

-        详细的纠正计划，其中描述受法规约束的用户如何力保所有产生的数据的可靠性和完整性，包括分析数据、生产记录和所有提交给药监当局的数据。

-        A comprehensive description of the root causes of your data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment. This must indicate if individuals responsible for data integrity lapses remain able to influence GMP/GDP-related or drug application data.

-        你们数据完整性问题根本原因的全面描述，包括证明当前所采取的措施计划的范围和深度与调查结果和风险评估结果相称的证据。它必须显示出对数据完整性问题承担责任的人员是否还有能力对GMP/GDP相关数据或药品申报数据产生影响。

12.1.3 Inspectorates should implement policies for the management of significant data integrity issues identified at inspection in order to manage and contain risks associated with the data integrity breach.

检查组应针对检查期间发现的重大数据完整性问题实施管理方针，以管理和控制与数据完整性受破坏而带来的风险。

12.2 Indicators of improvement 改进指标

12.2.1 An on-site inspection is required to verify the effectiveness of actions taken to address data integrity issues. Some indicators of improvement are:

要进行现场检查以核查所采取的解决数据完整性问题的措施的有效性。一些改进指标如：

12.2.1.1 Evidence of a thorough and open evaluation of the identified issue and timely implementation of effective corrective and preventative actions;

对所识别的问题进行彻底开放的评估，及时实施有效的CAPA。

12.2.1.2 Evidence of open communication of issues with clients and other regulators. Transparent communication should be maintained throughout the investigation and remediation stages. Regulators should be aware that further data integrity failures may be reported as a result of the detailed investigation. Any additional reaction to these notifications should be proportionate to public health risks, to encourage continued reporting;

与客户和其它法规管理人员公开沟通问题的证据。在调查和缺陷弥补阶段应维持透明的沟通。法规管理人员应明白在详细调查中可能会报告更多数据完整性失败。对这些通知所采用的额外行动应与公众健康风险成比例，以鼓励持续报告行为。

12.2.1.3 Evidence of communication of data integrity expectations across the organisation, incorporating processes for open reporting of potential issues and opportunities for improvement without repercussions;

组织内数据完整性要求沟通的证据，包括公开报告潜在问题和改进机会而不产生不良后果的流程，

12.2.1.4 The regulated user should ensure that an appropriate evaluation of the vulnerability of any sophisticated electronic systems to data manipulation takes place to ensure that follow-up actions have fully resolved all the violations, third party expertise may be required;

受法规约束的用户应确保对所有复杂电子系统的可能发生数据篡改的弱点进行适当的评估，确保跟踪措施能全面解决所有违规情况，可以利用第三方专家。

12.2.1.5 Implementation of data integrity policies in line with the principles of this guide;

实施数据完整性方针，符合本指南中的原则。

12.2.1.6 Implementation of routine data verification practices.

实施日常数据核查规范。

13 DEFINITIONS 定义
13.1 Archive 归档

Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.

完整数据和相关元数据以其最终可以重新构建过程和活动的形式被长期永久保存。

13.2 Audit Trail 审计追踪

GMP/GDP audit trails are metadata that are a record of GMP/GDP critical information (for example the change or deletion of GMP/GDP relevant data), which permit the reconstruction of GMP/GDP activities.

GMP/GDP审计追踪是GMP/GDP关键信息（例如，GMP/GDP相关数据的修改和删除）记录的元数据，它使得可以重新构建GMP/GDP活动。

13.3 Back-up 备份

A copy of current (editable) data, metadata and system configuration settings (e.g. variable settings which relate to an analytical run) maintained for the purpose of disaster recovery.

现行（可编辑）数据、元数据和系统参数设置（例如，与分析运行有关的可变设置）为保证灾难后恢复而保存的副本。

13.4 Data 数据

Facts, figures and statistics collected together for reference or analysis.

所收集用于参考或分析的事实、数值和统计结果。

13.5 Data Governanace 数据管理

The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.

保证数据（不管其格式如何、如何生成）的记录、处理、保存和使用过程的一系列安排的总和，用以确保整个数据生命周期中其完整性、一致性和准确性。

13.6 Data Integrity 数据完整性

The extent to which all data are complete, consistent and accurate throughout the data lifecycle.

所有数据在其生命周期内的完整、一致和准确程度。

13.7 Data Lifecycle 数据生命周期

All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction.

数据（包括原始数据）生命中所有阶段，从最初产生和记录到处理（包括转化或迁移）、使用、数据保存、归档、恢复和销毁。

13.8 Exception report 异常报告

A validated search tool that identifies and documents predetermined ‘abnormal’ data or actions, which requires further attention or investigation by the data reviewer.

一个经过验证的搜索工具，它识别并记录预定为“异常”的数据或行为，需要数据审核员更多关注或进一步调查。

13.9 Flat file 平面文件

A ‘flat file’ is an individual record which may not carry any additional metadata with it, other than that which is included in the file itself.

“平面文件”指除了文件本身包括的内容外，不带有任何额外元数据的单个记录。

13.10 Meta-data 元数据

data that describe the attributes of other data, and provide context and meaning.

描述其它数据属性，提供环境和含义的数据。

14 REVISION HISTORY 修订历史

Date 日期	Version Number 版本号	Reasons for revision修订理由

---

[1] This draft guidance has not been published yet. 该指南草案尚未发布。

谢谢分享，好好学习！

谢谢分享，好好学习！